Risk | Low |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2017-6695, CVE-2017-6694, CVE-2017-6692, CVE-2017-6687, CVE-2017-6686, CVE-2017-6685, CVE-2017-6681, CVE-2017-6680 |
CWE-ID | CWE-200, CWE-255, CWE-798, CWE-23, CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco Ultra Services Framework (Server applications / Frameworks for developing and running applications) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU6972
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6695
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.
The weakness exists in the ConfD server due to insufficient protection of sensitive files on the system. A local attacker can log in to the ConfD server and read arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate to the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6973
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6694
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.
The weakness exists in the Virtual Network Function Manager's (VNFM) logging function due to insufficient protection of sensitive files on the system. A local attacker can authenticate to the application, navigate to certain configuration logs and discover credentials, which could be used to conduct further attacks.
Successful exploitation of the vulnerability results in information disclosure.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate to the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6974
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6692
CWE-ID:
CWE-255 - Credentials Management
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the Cisco Ultra Services Framework Element Manager due to the use of a default and static password by a user account. A remote attacker can use the default credentials to log in to the account and gain root privileges.
Successful exploitation of the vulnerability may result in full control over the affected operating system.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6976
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6687
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to gain access to the target system.
The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of weak, hard-coded credentials by the affected device. A remote attacker with access to the management network can use default credentials to log in to the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6977
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6686
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to gain access to the target system.
The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of weak, hard-coded credentials of the admin and oper accounts by the affected device. A remote attacker with access to the management network can use default credentials to log in to the admin or oper account of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6978
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6685
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to gain access to the target system.
The weakness exists in the Cisco Ultra Services Framework Staging Server due to use of weak, hard-coded credentials of the admin account by the affected device. A remote attacker with access to the management network can use default credentials to log in as an admin user of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6979
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6681
CWE-ID:
CWE-23 - Relative Path Traversal
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework due to relative path traversal. A remote attacker can send a specially crafted URL request, perform a relative path traversal attack and gain access to sensitive files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6980
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6680
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to create arbitrary directories on the affected system.
The weakness exists in the AutoVNF logging function of Cisco Ultra Services Framework due to insufficient checks when creating directories on the system. A remote attacker can create arbitrary directories as root on the system, impact the behavior of other daemons and delete important log data.
Successful exploitation of the vulnerability may result in directory creation.
Install update from vendor's website.
Cisco Ultra Services Framework: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.