PT-2017-2632 · Cisco · Cisco Prime Data Center Network Manager
Published
2017-06-08
·
Updated
2019-10-03
·
CVE-2017-6640
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms.
Description
A vulnerability in the software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. This issue exists due to a default user account with a default, static password that is created automatically during software installation. An attacker could exploit this by connecting remotely to an affected system and logging in with the credentials for this default user account, potentially gaining access to the administrative console of a DCNM server.
Recommendations
For Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1), update to Release 10.2(1) or later to resolve the issue. As a temporary workaround, consider changing the default password of the automatically created user account to prevent unauthorized access. Restrict access to the administrative console of the DCNM server to minimize the risk of exploitation.
Fix
Allocation of Resources Without Limits
Related identifiers
Affected products
Cisco Prime Data Center Network Manager