Details of VAR-201706-0555

ID

VAR-201706-0555

CVE

CVE-2017-6640

TITLE

Cisco Prime Data Center Network Manager In software DCNM Vulnerability to log in to the server management console

Trust: 0.8

sources: JVNDB: JVNDB-2017-004719

DESCRIPTION

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance

Trust: 1.98

sources: NVD: CVE-2017-6640 // JVNDB: JVNDB-2017-004719 // BID: 98937 // VULHUB: VHN-114843

AFFECTED PRODUCTS

vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.1\(1\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	10.1\(2\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager 5.2	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	prime data center network manager	scope:	lt	version:	10.2(1)	Trust: 0.8
vendor:	cisco	model:	prime data center network manager 6.1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	8.0(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.3(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.3(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager 6.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.2(5)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.2(3)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.2(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.2(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.1(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.1(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	prime data center network manager 5.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2.(3)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2(3)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2(1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1(5)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1(4)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1(2)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors	scope:	eq	version:	950010.1(1.19)	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors	scope:	eq	version:	950010.0(1.1)	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	ne	version:	10.2(1)	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors 10.1 s0	scope:	ne	version:	9500	Trust: 0.3

sources: BID: 98937 // JVNDB: JVNDB-2017-004719 // CNNVD: CNNVD-201706-315 // NVD: CVE-2017-6640

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6640
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6640
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201706-315
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-114843
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6640
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114843
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6640
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114843 // JVNDB: JVNDB-2017-004719 // CNNVD: CNNVD-201706-315 // NVD: CVE-2017-6640

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-770	Trust: 1.1

sources: VULHUB: VHN-114843 // JVNDB: JVNDB-2017-004719 // NVD: CVE-2017-6640

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-315

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201706-315

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004719

PATCH

title:	cisco-sa-20170607-dcnm2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2	Trust: 0.8
title:	Cisco Prime Data Center Network Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70849	Trust: 0.6

sources: JVNDB: JVNDB-2017-004719 // CNNVD: CNNVD-201706-315

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6640	Trust: 2.8
db:	BID	id:	98937	Trust: 2.0
db:	SECTRACK	id:	1038625	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-004719	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-315	Trust: 0.7
db:	VULHUB	id:	VHN-114843	Trust: 0.1

sources: VULHUB: VHN-114843 // BID: 98937 // JVNDB: JVNDB-2017-004719 // CNNVD: CNNVD-201706-315 // NVD: CVE-2017-6640

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-dcnm2	Trust: 2.0
url:	http://www.securityfocus.com/bid/98937	Trust: 1.7
url:	http://www.securitytracker.com/id/1038625	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6640	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6640	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114843 // BID: 98937 // JVNDB: JVNDB-2017-004719 // CNNVD: CNNVD-201706-315 // NVD: CVE-2017-6640

CREDITS

Antonius Mulder

Trust: 0.3

sources: BID: 98937

SOURCES

db:	VULHUB	id:	VHN-114843
db:	BID	id:	98937
db:	JVNDB	id:	JVNDB-2017-004719
db:	CNNVD	id:	CNNVD-201706-315
db:	NVD	id:	CVE-2017-6640

LAST UPDATE DATE

2024-11-23T22:52:25.611000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114843	date:	2019-10-03T00:00:00
db:	BID	id:	98937	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-004719	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201706-315	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6640	date:	2024-11-21T03:30:11.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114843	date:	2017-06-08T00:00:00
db:	BID	id:	98937	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-004719	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201706-315	date:	2017-06-09T00:00:00
db:	NVD	id:	CVE-2017-6640	date:	2017-06-08T13:29:00.483