Vulnslist

find the latest Cisco vulnerabilities

Cisco Elastic Services Controller Insecure Default Credentials Vulnerability

cisco-sa-20170607-esc3 · Medium · Published · Updated

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user. The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux admin user of an affected system. A successful exploit could allow the attacker to log in to the affected system as the Linux admin user and perform actions associated with the privileges of the admin user. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6684
Cisco Bug IDsCSCvc76651
CVSS ScoreBase 6.3
Base 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco Elastic Services Controller

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2017-6684 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2017-6684 Cisco OpenVuln
Cisco Elastic Services Controller CVE-2017-6684 Cisco OpenVuln