A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.

The vulnerability is due to static credentials for an internal account.

An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf
A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.

The vulnerability is due to static credentials for an internal account.

An attacker could exploit this vulnerability by using the static credentials for that account to connect to internal services. Note that this is a restricted account that is used to communicate between instances of ICF, and it does not provide GUI or shell access.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf

Security Impact Rating: Medium

CVE: CVE-2016-9204

Leave a Reply