CVE-2017-12350
Last modified
CVE-2017-12350 is a vulnerability of currently unknown severity. A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Umbrella Virtual Appliance | <= 2.1.0 |
References
- http://www.securityfocus.com/bid/101879Third Party Advisory, VDB Entry
- https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.htmlThird Party Advisory
- http://www.securityfocus.com/bid/101879Third Party Advisory, VDB Entry
- https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12350?
How severe is CVE-2017-12350?
How do I fix CVE-2017-12350?
Are you affected by CVE-2017-12350?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST