CiscoCISCO-SA-20161207-ICFCisco Intercloud Fabric Director Static Credentials Vulnerability
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
44.7%
A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.
The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco nexus 1000v intercloud for vmware | eq | any | |
| cisco nexus | eq | 1000V InterCloud for VMware |
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
44.7%