The vulnerability of the network management system at the Prime Data Center Network Manager arises from the creation of a user account with a pre-set default password. This allows an intruder to gain access with administrator privileges to the DCNM console.

🗓️ 18 Aug 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

A pre-created administrator account with a default password allows remote attackers to gain DCNM console access.

Reporter	Title	Published	Views	Family All 12
CISA	IBM Cisco Security Update	21 Jul 201700:00	–	cisa
Tenable Nessus	Cisco Prime Data Center Network Manager 10.1.x < 10.2.1 Multiple Vulnerabilities (remote check)	22 Jun 201700:00	–	nessus
Tenable Nessus	Cisco Prime Data Center Network Manager Static Credential Authentication Bypass (cisco-sa-20170607-dcnm2)	10 Jul 201700:00	–	nessus
Tenable Nessus	Cisco Prime Data Center Network Manager 10.1.x < 10.2.1 Multiple Vulnerabilities	16 Jun 201700:00	–	nessus
Cisco	Cisco Prime Data Center Network Manager Server Static Credential Vulnerability	7 Jun 201716:00	–	cisco
CNVD	Cisco Prime Data Center Network Manager Default Account Authentication Bypass Vulnerability	9 Jun 201700:00	–	cnvd
CVE	CVE-2017-6640	8 Jun 201713:00	–	cve
Cvelist	CVE-2017-6640	8 Jun 201713:00	–	cvelist
NVD	CVE-2017-6640	8 Jun 201713:29	–	nvd
OpenVAS	Cisco Prime Data Center Network Manager Server Static Credential Vulnerability	8 Jun 201700:00	–	openvas

Source	Link
securityfocus	www.securityfocus.com/bid/98937
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 210

EPSS0.53058

Default password Administrator account Remote access Data Center Manager Console access