← volver
CVE-2017-12350

CVE-2017-12350

EPSS 0.3%CWE-798
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
16 nov 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.
Productos afectados
n/a · Cisco Umbrella Insights Virtual Appliance

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uvahttps://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.htmlhttp://www.securityfocus.com/bid/101879