NVD

Id
88040  
Name
CVE-2017-6713  
Description
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2017-07-05  
Modified Date
2017-07-07  
Seq
2017-6713  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
422136 88040 CVE-2017-8454 http://www.zerodayinitiative.com/advisories/ZDI-17-135/  View
422137 88040 CVE-2017-8454 https://www.foxitsoftware.com/support/security-bulletins.php  View
422138 88040 CVE-2017-8454 http://www.zerodayinitiative.com/advisories/ZDI-17-135/  View
422139 88040 CVE-2017-8454 https://www.foxitsoftware.com/support/security-bulletins.php  View
429222 88040 CVE-2017-1234 http://www.ibm.com/support/docview.wss?uid=swg22004948  View
429223 88040 CVE-2017-1234 https://exchange.xforce.ibmcloud.com/vulnerabilities/123913  View
429224 88040 CVE-2017-1234 http://www.ibm.com/support/docview.wss?uid=swg22004948  View
429225 88040 CVE-2017-1234 https://exchange.xforce.ibmcloud.com/vulnerabilities/123913  View

Related JVN