cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2017-6709,https://securityvulnerability.io/vulnerability/CVE-2017-6709,,"A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.",Cisco,Cisco Ultra Services Framework,9.8,CRITICAL,0.0038799999747425318,false,,false,false,false,,,false,false,,2017-07-06T00:00:00.000Z,0
CVE-2017-6711,https://securityvulnerability.io/vulnerability/CVE-2017-6711,,"A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system's high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395.",Cisco,Cisco Ultra Services Framework,9.1,CRITICAL,0.0031900000758469105,false,,false,false,false,,,false,false,,2017-07-06T00:00:00.000Z,0
CVE-2017-6714,https://securityvulnerability.io/vulnerability/CVE-2017-6714,,"A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.",Cisco,Cisco Ultra Services Framework,9.8,CRITICAL,0.0022700000554323196,false,,false,false,false,,,false,false,,2017-07-06T00:00:00.000Z,0
CVE-2017-6708,https://securityvulnerability.io/vulnerability/CVE-2017-6708,,"A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.",Cisco,Cisco Ultra Services Framework,9.8,CRITICAL,0.0036899999249726534,false,,false,false,false,,,false,false,,2017-07-06T00:00:00.000Z,0
CVE-2017-6692,https://securityvulnerability.io/vulnerability/CVE-2017-6692,,"A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839.",Cisco,Cisco Ultra Services Framework Element Manager,8.8,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0
CVE-2017-6681,https://securityvulnerability.io/vulnerability/CVE-2017-6681,,"A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.",Cisco,Cisco Ultra Services Framework,7.5,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0
CVE-2017-6680,https://securityvulnerability.io/vulnerability/CVE-2017-6680,,"A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0.",Cisco,Cisco Ultra Services Framework,7.5,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0
CVE-2017-6685,https://securityvulnerability.io/vulnerability/CVE-2017-6685,,"A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0.",Cisco,Cisco Ultra Services Framework Staging Server,8.8,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0
CVE-2017-6686,https://securityvulnerability.io/vulnerability/CVE-2017-6686,,"A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0.",Cisco,Cisco Ultra Services Framework Element Manager,8.8,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0
CVE-2017-6687,https://securityvulnerability.io/vulnerability/CVE-2017-6687,,"A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0.",Cisco,Cisco Ultra Services Framework Element Manager,8.8,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0