CVE-2017-6688

HIGH

Cisco Elastic Services Controllers <2.2.9.76 - Privilege Escalation

Title source: llm

Description

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).

References (2)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98973

Scores

CVSS v3 8.8

EPSS 0.0099

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (2)

cisco/elastic_services_controller 2.2\(9.76\)

n/a/Cisco Elastic Services Controller Cisco Elastic Services Controller

Published Jun 13, 2017

Tracked Since Feb 18, 2026