CVE-2017-6713 - OpenCVE

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Elastic Services Controller

Configuration 1 [-]

OR	cpe:2.3:a:cisco:elastic_services_controller:1.0.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:1.1.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.1.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.2.0:::::::*
	cpe:2.3:a:cisco:elastic_services_controller:2.3.0:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/99437	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2017-07-06T00:00:00

Updated: 2017-07-06T09:57:01

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6713

JSON object: View

NVD Information

Status : Modified

Published: 2017-07-06T00:29:00.520

Modified: 2019-10-09T23:28:56.687

Link: CVE-2017-6713

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cisco Elastic Services Controller", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Elastic Services Controller"}]}], "datePublic": "2017-07-05T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-06T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "99437", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99437"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Elastic Services Controller", "version": {"version_data": [{"version_value": "Cisco Elastic Services Controller"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264"}]}]}, "references": {"reference_data": [{"name": "99437", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99437"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6713", "datePublished": "2017-07-06T00:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2017-07-06T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "382A6F13-572D-4F0F-A563-2DA5D2AA1686", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B56D33A-3027-4A5E-9FFC-C565865670EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2B4001C-0835-4D77-8930-02A96BAF6BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3A98B6A-3861-43B8-86ED-7DE8C95C1D7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "60DA8739-DE37-4086-86C1-3740195DC121", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "66268BF5-4D8B-4A84-87C1-637CAA18C429", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}, {"lang": "es", "value": "Una vulnerabilidad en el Framework Play de Elastic Services Controller (ESC) de Cisco, podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso completo al sistema afectado. La vulnerabilidad es debido a las credenciales est\u00e1ticas y por defecto para la interfaz de usuario ESC de Cisco que se comparten entre las instalaciones. Un atacante que puede extraer las credenciales est\u00e1ticas de una instalaci\u00f3n existente de ESC de Cisco podr\u00eda generar un token de sesi\u00f3n de administrador que permita el acceso a todas las instancias de la interfaz de usuario web de ESC. Esta vulnerabilidad afecta a Elastic Services Controller anterior a las versiones 2.3.1.434 y 2.3.2 de Cisco. ID de BUG de Cisco: CSCvc76627."}], "id": "CVE-2017-6713", "lastModified": "2019-10-09T23:28:56.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-06T00:29:00.520", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99437"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}