PT-2017-17263 · Cisco · Cisco Openstack+2

Published: 2017-07-06 · Updated: 2019-10-09 · CVE-2017-6709

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Ultra Services Framework versions prior to 5.0.3 and 5.1

Description: A vulnerability exists in the AutoVNF tool, allowing an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments. This issue arises because the affected software logs administrative credentials in clear text for deployment purposes. An attacker can exploit this by accessing the AutoVNF URL where log files are stored and then accessing the administrative credentials stored in clear text in those log files.

Recommendations: For versions prior to 5.0.3, update to Release 5.0.3 or later to resolve the issue. For versions prior to 5.1, update to Release 5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the AutoVNF URL where log files are stored to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Information Disclosure

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2017-6709

Affected Products

Cisco Elastic Services Controller
Cisco Openstack
Cisco Ultra Services Framework