CVE-2017-6713

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/99437	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:elastic_services_controller:1.0.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:1.1.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.1.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.2.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.3.0:::::::*

History

No history.

Information

Published : 2017-07-06 00:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-6713

Mitre link : CVE-2017-6713

CVE.ORG link : CVE-2017-6713

JSON object : View

Products Affected

cisco

elastic_services_controller

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2017-6713", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-07-06T00:29:00.520", "references": [{"url": "http://www.securityfocus.com/bid/99437", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}, {"lang": "es", "value": "Una vulnerabilidad en el Framework Play de Elastic Services Controller (ESC) de Cisco, podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso completo al sistema afectado. La vulnerabilidad es debido a las credenciales est\u00e1ticas y por defecto para la interfaz de usuario ESC de Cisco que se comparten entre las instalaciones. Un atacante que puede extraer las credenciales est\u00e1ticas de una instalaci\u00f3n existente de ESC de Cisco podr\u00eda generar un token de sesi\u00f3n de administrador que permita el acceso a todas las instancias de la interfaz de usuario web de ESC. Esta vulnerabilidad afecta a Elastic Services Controller anterior a las versiones 2.3.1.434 y 2.3.2 de Cisco. ID de BUG de Cisco: CSCvc76627."}], "lastModified": "2019-10-09T23:28:56.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "382A6F13-572D-4F0F-A563-2DA5D2AA1686"}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B56D33A-3027-4A5E-9FFC-C565865670EA"}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2B4001C-0835-4D77-8930-02A96BAF6BD4"}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A98B6A-3861-43B8-86ED-7DE8C95C1D7B"}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60DA8739-DE37-4086-86C1-3740195DC121"}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66268BF5-4D8B-4A84-87C1-637CAA18C429"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}