CVE-2017-12350

Published: Nov 16, 2017Modified: Jun 22, 2026

8.2

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.

Affected (1)

Products: Cisco: Umbrella Virtual Appliance

1 product

Umbrella Virtual Appliance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Umbrella Virtual Appliance	Up to 2.1.0

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

http://www.securityfocus.com/bid/101879

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva

Source: psirt@cisco.com

Vendor Advisory

https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.html

Source: psirt@cisco.com

Third Party Advisory

http://www.securityfocus.com/bid/101879

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.