CVE-2017-6709

CVE-2017-6709

Vendor N/A
Product Cisco Ultra Services Framework
Weakness CWE-200 · Info exposure
Published July 6, 2017
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.

Key dates

02Disclosure timeline

July 6, 2017 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-39192 Privilege escalation: all users can access Admin-level API keys CVE-2024-13622 File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2023-30540 Chat poll data can still be queried from API after purging history in Nextcloud talk CVE-2023-31133 Ghost vulnerable to disclosure of private API fields CVE-2022-29235 Limited data exposure for shared external videos in BigBlueButton