ESB-2017.1455

Operating System:

Published:

12 June 2017

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Resources > Security Bulletins > ESB-2017.1455

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1455
Multiple vulnerabilities have been identified in Cisco Ultra
Services Framework
12 June 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Ultra Services Framework
Publisher: Cisco Systems
Operating System: Ubuntu
Red Hat
Impact/Access: Root Compromise -- Existing Account
Create Arbitrary Files -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2017-6692 CVE-2017-6687 CVE-2017-6686
CVE-2017-6685 CVE-2017-6681 CVE-2017-6680

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6

Comment: This bulletin contains six (6) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation
Vulnerability

Medium

Advisory ID:
cisco-sa-20170607-usf1

First Published:
2017 June 7 16:00 GMT
Version 1.0:
Final

Workarounds:
No workarounds available
Cisco Bug IDs:
CSCvc76652
CVE-2017-6680
CWE-20

CVSS Score:
Base 4.3, Temporal 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
CVE-2017-6680
CWE-20

Summary

A vulnerability in the AutoVNF logging function of Cisco Ultra Services
Framework could allow an unauthenticated, remote attacker to create
arbitrary directories on the affected system.

The vulnerability is due to insufficient checks when creating directories
on the system. An attacker could exploit this vulnerability by creating
arbitrary directories as root on the system and potentially impacting the
behavior of other daemons and deleting important log data. An exploit could
allow the attacker to create arbitrary directories on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1

Affected Products

Vulnerable Products

This vulnerability affects Cisco Ultra Services Framework. For information
about affected software releases, consult the Cisco bug ID(s) at the top of
this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.

When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories and Alerts page, to determine exposure and a
complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1

Revision History

Version Description Section Status Date

1.0 Initial public release. Final 2017-June-07

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information
or contain factual errors. The information in this document is intended for
end users of Cisco products.

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

- --------------------------------------------------------------------------------
Cisco Security Advisory

Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure
Vulnerability

Medium

Advisory ID:
cisco-sa-20170607-usf2

First Published:
2017 June 7 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCvc76662
CVE-2017-6681
CWE-200

CVSS Score:
Base 4.3, Temporal 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
CVE-2017-6681
CWE-200

Summary

A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services
Framework could allow an unauthenticated, remote attacker to execute a
relative path traversal attack, enabling an attacker to read sensitive
files on the system.

The vulnerability is due to insufficient sanity checks against crafted URL
requests. An attacker could exploit this vulnerability by crafting a URL
request against an affected device. An exploit could allow the attacker to
execute a relative path traversal attack, enabling the attacker to read
sensitive files on the system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2

Affected Products

Vulnerable Products

This vulnerability affects Cisco Ultra Services Framework. For information
about affected software releases, consult the Cisco bug ID(s) at the top of
this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2

Revision History

Version Description Section Status Date

1.0 Initial public release. Final 2017-June-07

Legal Disclaimer

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

- --------------------------------------------------------------------------------
Cisco Security Advisory

Cisco Ultra Services Framework Staging Server Insecure Default Credentials
Vulnerability

Medium

Advisory ID:
cisco-sa-20170607-usf3

First Published:
2017 June 7 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCvc76681
CVE-2017-6685
CWE-255
CVSS Score:
Base 6.3, Temporal 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
CVE-2017-6685
CWE-255

Summary

A vulnerability in Cisco Ultra Services Framework Staging Server could
allow an authenticated, remote attacker with access to the management
network to log in as an admin user of the affected device.

The vulnerability is due to weak, hard-coded credentials of the admin user
present on the affected device. An exploit could allow the attacker with
access to the management network to log in as an admin user of the affected
device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3

Affected Products

Vulnerable Products

This vulnerability affects Cisco Ultra Services Framework Staging Server.
For information about affected software releases, consult the Cisco bug ID
(s) at the top of this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3

Revision History

Version Description Section Status Date

1.0 Initial public release. Final 2017-June-07

Legal Disclaimer

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

- --------------------------------------------------------------------------------
Cisco Security Advisory

Cisco Ultra Services Framework Element Manager Insecure Default Credentials
Vulnerability

Medium

Advisory ID:
cisco-sa-20170607-usf4

First Published:
2017 June 7 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCvc76699
CVE-2017-6686
CWE-255
CVSS Score:
Base 6.3, Temporal 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
CVE-2017-6686
CWE-255

Summary

A vulnerability in Cisco Ultra Services Framework Element Manager could
allow an authenticated, remote attacker with access to the management
network to log in as an admin or oper user of the affected device.

The vulnerability is due to weak, hard-coded credentials of the admin and
oper user present on the affected device. An exploit could allow the
attacker with access to the management network to log in as an admin or
oper user of the affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4

Affected Products

Vulnerable Products

This vulnerability affects Cisco Ultra Services Framework Element Manager.
For information about affected software releases, consult the Cisco bug ID
(s) at the top of this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4

Revision History

Version Description Section Status Date

1.0 Initial public release. Final 2017-June-07

Legal Disclaimer

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

- --------------------------------------------------------------------------------
Cisco Security Advisory

Cisco Ultra Services Framework Element Manager Insecure Default Password
Vulnerability

Medium

Advisory ID:
cisco-sa-20170607-usf5

First Published:
2017 June 7 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCvc76695
CVE-2017-6687
CWE-255

CVSS Score:
Base 6.3, Temporal 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
CVE-2017-6687
CWE-255

Summary

A vulnerability in Cisco Ultra Services Framework Element Manager could
allow an authenticated, remote attacker with access to the management
network to log in to the affected device using default credentials present
on the system.

The vulnerability is due to weak, hard-coded credentials present on the
affected device. An exploit could allow an attacker with access to the
management network to log in to the affected device using default
credentials present on the system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5

Affected Products

Vulnerable Products

This vulnerability affects Cisco Ultra Services Framework Element Manager.
For information about affected software releases, consult the Cisco bug ID
(s) at the top of this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5

Revision History

Version Description Section Status Date

1.0 Initial public release. Final 2017-June-07

Legal Disclaimer

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

- --------------------------------------------------------------------------------

Cisco Security Advisory

Cisco Ultra Services Framework Element Manager Insecure Default Account
Information Vulnerability

Medium

Advisory ID:
cisco-sa-20170607-usf6

First Published:
2017 June 7 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCvd85710
CVE-2017-6692
CWE-255

CVSS Score:
Base 6.3, Temporal 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
CVE-2017-6692
CWE-255

Summary

A vulnerability in Cisco Ultra Services Framework Element Manager could
allow an authenticated, remote attacker to log in to the device with the
privileges of the root user.

The vulnerability is due to a user account that has a default and static
password. An attacker could exploit this vulnerability by connecting to the
affected system using this default account. An exploit could allow the
attacker to log in with the default credentials, allowing the attacker to
gain control of the underlying operating system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6

Affected Products

Vulnerable Products

This vulnerability affects Cisco Ultra Services Framework Element Manager.
For information about affected software releases, consult the Cisco bug ID
(s) at the top of this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6

Revision History

Version Description Section Status Date

1.0 Initial public release. Final 2017-June-07

Show Less

Legal Disclaimer

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWT30Kox+lLeg9Ub1AQj6vw//QlKdkfzVppSydLYKt/sz3u3594rxuCon
AMqs8Cv9nsYYq34Ao6iXSkNtj/2QXcSVkOIHA94eV7csN9TeInTsMZoyRDgssjN2
sA/rRZ4QnMna384GPG6NUjDp6Bwsd9zFBlFLB22u/n2LPfkD7Eg/aGg+t0NVDcqG
mO8LfzPz62+mnFqAj0FsK6g+reaFBrNfUr/nSk15h6s9OyIs0EvCqkamfCjIOXq9
OBDMwt8HOA52UK1Obq4u+TBvR2EGb7xHSrQxTAuuf8vC5HGxVq3G+hilmSn43X56
hDD8p7+9yiMoflhq7SFRsizuesjPxZbOHHRqG6yIVBXdtjIZrkrhwFnVJKJjNfvk
uRha6NvlmNx2V6gSdNuUEqyyx0DFWow4tScrHcQd8UzN51EXOv2LaY78ikDjJKHI
qr+ASWVL+ROapJdeDJY9MIWYE8Vv6wjwFtc90EzFvUy+HFv4fjOILclJ70rIBXks
1YMlCzXUFVW4UldNl7jXxjuOO81So1DxpT77d1Mq5bNQmAWOyMwEo1TUhfg3q/KT
ksWoGVKcOyWOYOfc8DlHzPhma/IVIScqSaBTNkNr2lGx6HHEqxyZJ3zckmYnOKUE
OHM2Jj8rWcvHeQ4jME3h3Reop2KhHEmznSihVQ4LYphWxl7axyEW5O6k4BSDsEl8
AspZrsNynTY=
=nPcY
-----END PGP SIGNATURE-----