PT-2017-17265 · Cisco+1 · Cisco Ultra Services Framework UAS+1

Published: 2017-07-06 · Updated: 2019-10-09 · CVE-2017-6711

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Ultra Services Framework UAS versions prior to 5.0.3 and 5.1

Description

A vulnerability in the Ultra Automation Service (UAS) could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. This issue is due to an insecure default configuration of the Apache ZooKeeper service. An attacker could exploit this by accessing the device through the orchestrator network, potentially gaining access to ZooKeeper data nodes (znodes) and influencing the system's high-availability feature.

Recommendations

For versions prior to 5.0.3, update to Release 5.0.3 or later. For versions prior to 5.1, update to Release 5.1 or later. As a temporary workaround, consider restricting access to the Apache ZooKeeper service to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2017-6711

Affected Products

Apache ZooKeeper
Cisco Ultra Services Framework UAS