Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.2
CVSSv3

CVE-2017-12350

Published: 16/11/2017 Updated: 09/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.2 | Impact Score: 6 | Exploitability Score: 1.5
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Umbrella Insights Virtual Appliance

Vulnerability Summary

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and previous versions could allow an authenticated, local malicious user to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the malicious user to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco umbrella insights virtual appliance

Vendor Advisories

Cisco: Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability
A vulnerability in Cisco Umbrella Insights Virtual Appliances could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance An attacker could exploit this vulnerability by using the hypervi ...

References

CWE-798https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uvahttp://www.securityfocus.com/bid/101879https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook