ByteOS Network

NVD Vulnerability Details :

CVE-2017-6709

Deferred

Source-psirt@cisco.com

Published At-06 Jul, 2017 | 00:29

Updated At-20 Apr, 2025 | 01:37

A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Cisco Systems, Inc.

>>ultra_services_framework>>Versions up to 5.0.2(inclusive)

cpe:2.3:a:cisco:ultra_services_framework:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Secondary	psirt@cisco.com
CWE-522	Primary	nvd@nist.gov
CWE-532	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2	psirt@cisco.com	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History