CVE-2017-12350

Name of the Vulnerable Software and Affected Versions Cisco Umbrella Insights Virtual Appliances versions 2.1.0 and earlier

Description A vulnerability could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges due to the presence of default, static user credentials. An attacker could exploit this by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in. A successful exploit could allow the attacker to log in to the affected appliance with root privileges.

Recommendations For Cisco Umbrella Insights Virtual Appliances versions 2.1.0 and earlier, update to a version later than 2.1.0 to resolve the issue. As a temporary workaround, consider changing the default, static user credentials to prevent unauthorized access. Restrict access to the hypervisor console to minimize the risk of exploitation.