Vulnerabilities > CVE-2017-6689 - Insecure Default Initialization of Resource vulnerability in Cisco Elastic Services Controller 2.2(9.76)

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

CWE-1188

NVD

Published: 2017-06-13

Updated: 2019-10-03

Summary

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76).

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Elastic Services Controller 2.2\(9.76\)	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

http://www.securityfocus.com/bid/98983
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5