What is the severity of CVE-2017-6640?

CVE-2017-6640 has a high severity rating due to the risk of unauthorized remote access to the administrative console.

How do I fix CVE-2017-6640?

To fix CVE-2017-6640, ensure that the default passwords for the affected Cisco Prime Data Center Network Manager accounts are changed to strong, unique passwords.

Who is affected by CVE-2017-6640?

CVE-2017-6640 affects users of Cisco Prime Data Center Network Manager versions 10.1(1), 10.1(2), and 10.1.0.

What type of attack does CVE-2017-6640 allow?

CVE-2017-6640 allows unauthenticated, remote attackers to gain access to system-level privileges on the DCNM server.

Is CVE-2017-6640 a local or remote vulnerability?

CVE-2017-6640 is a remote vulnerability that can be exploited from outside the network.

Vulnerability/
CVE-2017-6640

critical

CWE

770 264

8/6/2017

3/10/2019

CVE-2017-6640

First published: Thu Jun 08 2017(Updated: )

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Prime Data Center Network Manager (DCNM)	=10.1\(1\)
Cisco Prime Data Center Network Manager (DCNM)	=10.1\(2\)
Cisco Prime Data Center Network Manager (DCNM)	=10.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6640?
CVE-2017-6640 has a high severity rating due to the risk of unauthorized remote access to the administrative console.
How do I fix CVE-2017-6640?
To fix CVE-2017-6640, ensure that the default passwords for the affected Cisco Prime Data Center Network Manager accounts are changed to strong, unique passwords.
Who is affected by CVE-2017-6640?
CVE-2017-6640 affects users of Cisco Prime Data Center Network Manager versions 10.1(1), 10.1(2), and 10.1.0.
What type of attack does CVE-2017-6640 allow?
CVE-2017-6640 allows unauthenticated, remote attackers to gain access to system-level privileges on the DCNM server.
Is CVE-2017-6640 a local or remote vulnerability?
CVE-2017-6640 is a remote vulnerability that can be exploited from outside the network.

agent/event
agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/description
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco prime data center network manager (dcnm)
version/cisco prime data center network manager (dcnm)/10.1\(1\)
version/cisco prime data center network manager (dcnm)/10.1\(2\)
version/cisco prime data center network manager (dcnm)/10.1.0