SB2017060803 - Multiple vulnerabilities in Cisco Ultra Services Framework
Published: June 8, 2017
Security Bulletin ID
SB2017060803
Severity
Low
Patch available
YES
Number of vulnerabilities
8
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-6695)
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.The weakness exists in the ConfD server due to insufficient protection of sensitive files on the system. A local attacker can log in to the ConfD server and read arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
2) Information disclosure (CVE-ID: CVE-2017-6694)
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.The weakness exists in the Virtual Network Function Manager's (VNFM) logging function due to insufficient protection of sensitive files on the system. A local attacker can authenticate to the application, navigate to certain configuration logs and discover credentials, which could be used to conduct further attacks.
Successful exploitation of the vulnerability results in information disclosure.
3) Privilege escalation (CVE-ID: CVE-2017-6692)
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of default and static password by user account. A remote attacker can use default credentials to log in to account and gain root privileges.
Successful exploitation of the vulnerability may result in full control over the affected operation system.
4) Access bypass (CVE-ID: CVE-2017-6687)
The vulnerability allows a remote authenticated attacker to gain access to the target system.The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of weak, hard-coded credentials by the affected device. A remote attacker with access to the management network can use default credentials to log in to the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
5) Access bypass (CVE-ID: CVE-2017-6686)
The vulnerability allows a remote authenticated attacker to gain access to the target system.The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of weak, hard-coded credentials of the admin and oper accounts by the affected device. A remote attacker with access to the management network can use default credentials to log in as an admin or oper accounts of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
6) Access bypass (CVE-ID: CVE-2017-6685)
The vulnerability allows a remote authenticated attacker to gain access to the target system.The weakness exists in the Cisco Ultra Services Framework Staging Server due to use of weak, hard-coded credentials of the admin account by the affected device. A remote attacker with access to the management network can use default credentials to log in as an admin user of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
7) Relative path traversal (CVE-ID: CVE-2017-6681)
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.The weakness exists in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework due to relative path traversal. A remote attacker can send a specially crafted URL request, perform relative path traversal attack and gain access to sensitive files on the system.
Successful exploitation of the vulnerability results in information disclosure.
8) Improper input validation (CVE-ID: CVE-2017-6680)
The vulnerability allows a remote unauthenticated attacker to create arbitrary directories on the affected system.The weakness exists in the AutoVNF logging function of Cisco Ultra Services Framework due to insufficient checks when creating directories on the system. A remote attacker can create arbitrary directories as root on the system, impact the behavior of other daemons and delete important log data.
Successful exploitation of the vulnerability may result in directory creation.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2