CVE-2017-6640 (CNNVD-201706-315)
中文标题:
Cisco Prime Data Center Network Manager 安全漏洞
英文标题:
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenti...
漏洞描述
中文描述:
Cisco Prime Data Center Network Manager(DCNM)是美国思科(Cisco)公司的一套数据中心网络管理器。该管理器可对网络进行多协议管理,并对交换机的运行状况和性能提供故障排除功能。 基于Microsoft Windows、Linux和Virtual Appliance平台的Cisco Prime DCNM Software 10.2(1)之前的版本中存在安全漏洞,该漏洞源于软件中含有带有默认静态密码的默认账户。远程攻击者可通过使用带有默认静态密码的账户利用该漏洞登录到DCNM服务器的管理控制台。
英文描述:
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | prime_data_center_network_manager | 10.1\(1\) | - | - |
cpe:2.3:a:cisco:prime_data_center_network_manager:10.1\(1\):*:*:*:*:*:*:*
|
| cisco | prime_data_center_network_manager | 10.1\(2\) | - | - |
cpe:2.3:a:cisco:prime_data_center_network_manager:10.1\(2\):*:*:*:*:*:*:*
|
| cisco | prime_data_center_network_manager | 10.1.0 | - | - |
cpe:2.3:a:cisco:prime_data_center_network_manager:10.1.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2017-6640 |
2025-11-11 15:19:31 | 2025-11-11 07:34:51 |
| NVD | nvd_CVE-2017-6640 |
2025-11-11 14:55:28 | 2025-11-11 07:43:28 |
| CNNVD | cnnvd_CNNVD-201706-315 |
2025-11-11 15:09:50 | 2025-11-11 07:53:06 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 权限许可和访问控制问题
- cnnvd_id: 未提取 -> CNNVD-201706-315
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 0 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']