CVE-2017-12350
HIGH
Cisco Umbrella Insights Virtual Appliance < 2.1.0 - Authenticated Use of Hard-coded Credentials
Title source: llm
Description
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101879
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva
Scores
CVSS v3
8.2
EPSS
0.0035
EPSS Percentile
26.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (3)
cisco/umbrella_insights_virtual_appliance
< 2.1.0
cisco/umbrella_virtual_appliance
< 2.1.0
n/a/Cisco Umbrella Insights Virtual Appliance
Cisco Umbrella Insights Virtual Appliance
Published
Nov 16, 2017
Tracked Since
Feb 18, 2026