132 matches found
CVE-2017-6711
Summary (CVE-2017-6711): Cisco Ultra Services Framework’s Ultra Automation Service (UAS) is vulnerable due to an insecure default ZooKeeper configuration. An unauthenticated, remote attacker could access the device via the orchestrator network, gain access to ZooKeeper znodes, and influence the s...
CVE-2017-6709
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller ESC and Cisco OpenStack deployments in an affected system. The vulnerability exists because the...
CVE-2017-6714
CVE-2017-6714 affects Cisco Ultra Services Framework Staging Server; the AutoIT service allows an unauthenticated remote attacker to execute arbitrary Linux shell commands as root due to improper shell invocations. Impact is confirmed as remote, unauthenticated arbitrary command execution with ro...
CVE-2017-6711
A vulnerability in the Ultra Automation Service UAS of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the...
CVE-2017-6708
A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...
Cisco Ultra Services Framework UAS Unauthenticated Access Vulnerability
A vulnerability in the Ultra Automation Service UAS of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the...
Cisco Ultra Services Framework AutoVNF Log File User Credential Information Disclosure Vulnerability
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller ESC and Cisco OpenStack deployments in an affected system. The vulnerability exists because the...
Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...
Cisco Ultra Services Framework Remote Security Bypass Vulnerability
Cisco Ultra Services Framework is the United States Cisco Cisco a smart online services payment platform. A security vulnerability exists in the AutoVNF login function in Cisco Ultra Services Framework, which is a program that fails to perform sufficient detection when creating a directory on a...
Cisco Ultra Services Framework Element Manager Insecure Default Password Vulnerability Vulnerability
Cisco Ultra Services Framework is an intelligent online services payment platform from Cisco, Inc.Element Manager is one of the software used to manage server switches. A security vulnerability exists in Cisco Ultra Services Framework Element Manager. A remote attacker could exploit the...
Cisco Ultra Services Framework Element Manager Default Password Vulnerability
Cisco Ultra Services Framework is an intelligent online services payment platform from Cisco, Inc.Element Manager is one of the software used to manage server switches. A security vulnerability exists in the Cisco Ultra Services Framework Element Manager that stems from the use of default static...
Cisco Ultra Services Framework Element Manager Default Credentials Security Bypass Vulnerability
Cisco Ultra Services Framework is an intelligent online services payment platform from Cisco, Inc.Element Manager is one of the software used to manage server switches. A security vulnerability exists in Cisco Ultra Services Framework Element Manager. A remote attacker could exploit the...
CVE-2017-6685
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected...
CVE-2017-6680
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0...
CVE-2017-6686
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known...
CVE-2017-6687
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information:...
CVE-2017-6685
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected...
CVE-2017-6692
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases:...
Default credentials
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected...
Design/Logic Flaw
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases:...