Cisco Intercloud Fabric Database Static Credentials Vulnerability

cisco-sa-20161221-icf · Medium · Published 9 years ago · Updated 9 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. The vulnerability occurs because the database account uses static credentials. An attacker could exploit this vulnerability by using these credentials to connect to the database. The contents of the database can then be examined or modified. Note that this database contains only internal objects used by the application. The database does not contain other credentials. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2016-9217
Cisco Bug IDs	CSCus99394
CVSS Score	Base 6.8 Base 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:C

Products with public affected evidence

Product	CVE	Affected evidence
Cisco Intercloud Fabric	CVE-2016-9217	structured affected CSAF product_status