CVE-2017-12350: CVE-2017-12350

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-12350

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用硬编码的凭证

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco Umbrella Insights Virtual Appliances 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco Umbrella Insights Virtual Appliances是美国思科（Cisco）公司的一款基于云的安全互联网网关设备。 Cisco Umbrella Insights Virtual Appliances 2.1.0及之前的版本中存在安全漏洞，该漏洞源于程序使用了默认的静态用户证书。本地攻击者可借助虚拟机监视器控制台通过本地连接到受影响的系统，然后使用静态证书利用该漏洞以root权限登录到受影响的设备上。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Cisco Umbrella Insights Virtual Appliance	Cisco Umbrella Insights Virtual Appliance	-

II. Public POCs for CVE-2017-12350

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-12350

Please Login to view more intelligence information

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uvax_refsource_CONFIRM
https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.htmlx_refsource_MISC
http://www.securityfocus.com/bid/101879vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2017-12350

New Vulnerabilities

Product: Cisco Umbrella Insights Virtual Appliance

Vendor: n/a

Same weakness: CWE-798

V. Comments for CVE-2017-12350

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2017-12350

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-12350

III. Intelligence Information for CVE-2017-12350

New Vulnerabilities

V. Comments for CVE-2017-12350

Leave a comment