Cisco Elastic Services Controller Insecure Default Administrator Credentials Vulnerability

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user.

The vulnerability is due to the existence of a default, weak, hard-coded password for the admin user of an affected system. An attacker could exploit this vulnerability by logging in to an affected system via Secure Shell (SSH) on TCP port 2024 and using the default password to authenticate to the system as the admin user. A successful exploit could allow the attacker to log in to the affected system as the admin user and perform actions associated with the privileges of the admin user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5”]