CVE-2017-6713 - OpenCVE

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Elastic Services Controller

Configuration 1 [-]

OR	cpe:2.3:a:cisco:elastic_services_controller:1.0.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:1.1.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.1.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.2.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.3.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/99437
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-07-06T00:00:00

Updated: 2024-08-05T15:41:16.902Z

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6713

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-06T00:29:00.520

Modified: 2019-10-09T23:28:56.687

Link: CVE-2017-6713

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Elastic Services Controller", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Elastic Services Controller"}]}], "datePublic": "2017-07-05T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-06T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "99437", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99437"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Elastic Services Controller", "version": {"version_data": [{"version_value": "Cisco Elastic Services Controller"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264"}]}]}, "references": {"reference_data": [{"name": "99437", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99437"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:41:16.902Z"}, "title": "CVE Program Container", "references": [{"name": "99437", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99437"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6713", "datePublished": "2017-07-06T00:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:41:16.902Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "382A6F13-572D-4F0F-A563-2DA5D2AA1686", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B56D33A-3027-4A5E-9FFC-C565865670EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2B4001C-0835-4D77-8930-02A96BAF6BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3A98B6A-3861-43B8-86ED-7DE8C95C1D7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "60DA8739-DE37-4086-86C1-3740195DC121", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "66268BF5-4D8B-4A84-87C1-637CAA18C429", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}, {"lang": "es", "value": "Una vulnerabilidad en el Framework Play de Elastic Services Controller (ESC) de Cisco, podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso completo al sistema afectado. La vulnerabilidad es debido a las credenciales est\u00e1ticas y por defecto para la interfaz de usuario ESC de Cisco que se comparten entre las instalaciones. Un atacante que puede extraer las credenciales est\u00e1ticas de una instalaci\u00f3n existente de ESC de Cisco podr\u00eda generar un token de sesi\u00f3n de administrador que permita el acceso a todas las instancias de la interfaz de usuario web de ESC. Esta vulnerabilidad afecta a Elastic Services Controller anterior a las versiones 2.3.1.434 y 2.3.2 de Cisco. ID de BUG de Cisco: CSCvc76627."}], "id": "CVE-2017-6713", "lastModified": "2019-10-09T23:28:56.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-06T00:29:00.520", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99437"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}