ID CVE-2017-6687 Type cve Reporter NVD Modified 2017-06-20T10:40:13
Description
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6687", "history": [{"lastseen": "2017-06-14T10:54:50", "differentElements": ["cvss", "modified", "cpe"], "edition": 2, "bulletin": {"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6687", "history": [], "id": "CVE-2017-6687", "published": "2017-06-13T02:29:01", "description": "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0.", "bulletinFamily": "NVD", "title": "CVE-2017-6687", "type": "cve", "cpe": [], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "published", "hash": "93b73d00c311a5b009049591c40cb3fd"}, {"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "title", "hash": "bfea1e2c778dc12f9e18c4f0068d9ba2"}, {"key": "description", "hash": "23a2064aa52872901c79b6149dc673b3"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "href", "hash": "c925e6fa867f1531cd29abb5f011f45e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cvelist", "hash": "1707b3d3efc03660c7f243d391822b06"}, {"key": "modified", "hash": "8615e3e7192208ed8dfc6deaf01a0e54"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "references", "hash": "f2a7d002e76d805f1cd8abf73af54bc5"}], "hash": "d0082cf1440d0a41b943fcf351fedc387b4475044edc8d693ca4ddb7ff214426", "references": ["http://www.securityfocus.com/bid/98981", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5"], "edition": 2, "cvelist": ["CVE-2017-6687"], "lastseen": "2017-06-14T10:54:50", "viewCount": 3, "enchantments": {}, "reporter": "NVD", "objectVersion": "1.3", "modified": "2017-06-13T21:29:02"}}, {"lastseen": "2017-06-13T10:54:08", "differentElements": ["references", "modified"], "edition": 1, "bulletin": {"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6687", "history": [], "id": "CVE-2017-6687", "published": "2017-06-13T02:29:01", "description": "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0.", "bulletinFamily": "NVD", "title": "CVE-2017-6687", "type": "cve", "cpe": [], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "modified", "hash": "93b73d00c311a5b009049591c40cb3fd"}, {"key": "published", "hash": "93b73d00c311a5b009049591c40cb3fd"}, {"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "title", "hash": "bfea1e2c778dc12f9e18c4f0068d9ba2"}, {"key": "references", "hash": "22e21eb1c74aa67142eebe3c51263f71"}, {"key": "description", "hash": "23a2064aa52872901c79b6149dc673b3"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "href", "hash": "c925e6fa867f1531cd29abb5f011f45e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cvelist", "hash": "1707b3d3efc03660c7f243d391822b06"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "e01bc6011506cac97b159277771ee52efc54023c7dfb6cb4929ca871607ab94b", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5"], "edition": 1, "cvelist": ["CVE-2017-6687"], "lastseen": "2017-06-13T10:54:08", "viewCount": 2, "enchantments": {}, "reporter": "NVD", "objectVersion": "1.3", "modified": "2017-06-13T02:29:01"}}], "assessment": {"href": "", "name": "", "system": ""}, "id": "CVE-2017-6687", "reporter": "NVD", "published": "2017-06-13T02:29:01", "description": "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0.", "title": "CVE-2017-6687", "cpe": ["cpe:/a:cisco:ultra_services_framework_element_manager:21.0.0"], "bulletinFamily": "NVD", "type": "cve", "scanner": [], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "hash": "1df6703f6169f6faa01717cee5fa370a4c6291465de203ed3132ad09a74987d8", "references": ["http://www.securityfocus.com/bid/98981", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5"], "edition": 3, "cvelist": ["CVE-2017-6687"], "lastseen": "2017-06-21T10:56:52", "viewCount": 5, "enchantments": {"vulnersScore": 5.0}, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2701f95fc889ae071976ae5a0bc124d2"}, {"key": "cvelist", "hash": "1707b3d3efc03660c7f243d391822b06"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "23a2064aa52872901c79b6149dc673b3"}, {"key": "href", "hash": "c925e6fa867f1531cd29abb5f011f45e"}, {"key": "modified", "hash": "ea69262f1e4bbd953ec9e37a08ca20c5"}, {"key": "published", "hash": "93b73d00c311a5b009049591c40cb3fd"}, {"key": "references", "hash": "f2a7d002e76d805f1cd8abf73af54bc5"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "bfea1e2c778dc12f9e18c4f0068d9ba2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "objectVersion": "1.3", "modified": "2017-06-20T10:40:13"}
{"result": {"cisco": [{"id": "CISCO-SA-20170607-USF5", "type": "cisco", "title": "Cisco Ultra Services Framework Element Manager Insecure Default Password Vulnerability", "description": "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system.\n\nThe vulnerability is due to weak, hard-coded credentials present on the affected device. An exploit could allow an attacker with access to the management network to log in to the affected device using default credentials present on the system.\n\nThere are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5 [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5\"]", "published": "2017-06-07T16:00:00", "cvss": {"score": 6.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5", "cvelist": ["CVE-2017-6687"], "lastseen": "2018-04-06T14:38:13"}]}}
