Wednesday, December 21, 2016

Cisco Intercloud Fabric Database Static Credentials Vulnerability

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products.

The vulnerability occurs because the database account uses static credentials. An attacker could exploit this vulnerability by using these credentials to connect to the database. The contents of the database can then be examined or modified. Note that this database contains only internal objects used by the application. The database does not contain other credentials.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2ha5rME A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products.

The vulnerability occurs because the database account uses static credentials. An attacker could exploit this vulnerability by using these credentials to connect to the database. The contents of the database can then be examined or modified. Note that this database contains only internal objects used by the application. The database does not contain other credentials.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2ha5rME
Security Impact Rating: Medium
CVE: CVE-2016-9217

from Cisco Security Advisory http://ift.tt/2ha5rME

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.