VYPR

Ultra Services Framework

by Cisco Systems, Inc.

CVEs (9)

  • CVE-2017-6709CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability…

  • CVE-2017-6708CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to…

  • CVE-2017-6711CriJul 6, 2017
    risk 0.59cvss 9.1epss 0.02

    A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper…

  • CVE-2017-6692HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected…

  • CVE-2017-6687HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability.…

  • CVE-2017-6686HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:…

  • CVE-2017-6771HigAug 17, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this…

  • CVE-2017-6681HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known…

  • CVE-2017-6680HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0.