{"containers": {"cna": {"affected": [{"product": "Cisco Elastic Services Controller", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Elastic Services Controller"}]}], "datePublic": "2017-07-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-06T09:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "99437", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99437"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Elastic Services Controller", "version": {"version_data": [{"version_value": "Cisco Elastic Services Controller"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264"}]}]}, "references": {"reference_data": [{"name": "99437", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99437"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:41:16.902Z"}, "title": "CVE Program Container", "references": [{"name": "99437", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99437"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6713", "datePublished": "2017-07-06T00:00:00.000Z", "dateReserved": "2017-03-09T00:00:00.000Z", "dateUpdated": "2024-08-05T15:41:16.902Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "382A6F13-572D-4F0F-A563-2DA5D2AA1686", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B56D33A-3027-4A5E-9FFC-C565865670EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2B4001C-0835-4D77-8930-02A96BAF6BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3A98B6A-3861-43B8-86ED-7DE8C95C1D7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "60DA8739-DE37-4086-86C1-3740195DC121", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "66268BF5-4D8B-4A84-87C1-637CAA18C429", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."}, {"lang": "es", "value": "Una vulnerabilidad en el Framework Play de Elastic Services Controller (ESC) de Cisco, podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso completo al sistema afectado. La vulnerabilidad es debido a las credenciales est\u00e1ticas y por defecto para la interfaz de usuario ESC de Cisco que se comparten entre las instalaciones. Un atacante que puede extraer las credenciales est\u00e1ticas de una instalaci\u00f3n existente de ESC de Cisco podr\u00eda generar un token de sesi\u00f3n de administrador que permita el acceso a todas las instancias de la interfaz de usuario web de ESC. Esta vulnerabilidad afecta a Elastic Services Controller anterior a las versiones 2.3.1.434 y 2.3.2 de Cisco. ID de BUG de Cisco: CSCvc76627."}], "id": "CVE-2017-6713", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-06T00:29:00.520", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99437"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}