Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Intercloud Fabric Director Static Credentials Vulnerability

cisco-sa-20161207-icf · Medium · Published · Updated

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-9204
Cisco Bug IDsCSCus99379
CVSS ScoreBase 6.4
Base 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Nexus 1000V InterCloud for VMware

Related Products

Product CVE Evidence
Cisco Nexus 1000V InterCloud for VMware CVE-2016-9204 Cisco OpenVuln
Cisco Intercloud Fabric CVE-2016-9204 Cisco OpenVuln