—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Ultra Services Framework UAS Unauthenticated Access Vulnerability

Advisory ID: cisco-sa-20170705-uas

Revision: 1.0

For Public Release: 2017 July 5 16:00 GMT

Last Updated: 2017 July 5 16:00 GMT

CVE ID(s): CVE-2017-6711

CVSS Score v(3): 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

+———————————————————————

Summary
=======
A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device.

The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system’s high-availability feature.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-uas [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-uas”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZXQ8EZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnrbxAAs+fa85sPjU/QPnwa
8owfNZ3TzNBg2OQL6fl0ILyEl7u6B46fVDxx5PJTMB73juX2iMivpdMPhCR67nQU
AR5sk9xOMdHIXFFZ4Itwu1nQx3qQXJbbDyyC0kDFRbsXSwPEpQ+NOAvFgygDrwhw
8dBMKMu9lGM1K05C8VUaw9jyGBfnrZn39XUs04Z5IpRogjotyAc1/fj3AHY4Bhni
QXKhxt5lircitlzNgoE39VJFUldJ7ZEqAzd2L2eHyuPPXL1mJU8CQHwcnipup16O
CXuXtBHSuNHebqD1ctS00TrQNrgPxD3rEy4Rs5QZvCyc6TtgNDBQIkW//R9oLZkh
KsTp69BCxDOouxtFqmkK3ziF2ugnlmHF/s4R8xXB0c307toUag/exNpguI+MbKcI
Uz4lRJn2sfFp7h5r9Di3Wt/M7mNWNCmBNLGYoszwTJl/uWD/nqnb9kJtJncTbSqb
7GmQfSEUPiR80EptA8Xt53pYYKgOiq8A9ndAWDaqsOPD73IwQubGwHCpv/IX2uhL
VspH5WOmN0tY3MS82n8XYIDy+GgETvIpjCyqLyL2ESgoPswfoLwuNmbjKX/oZS9b
51tu+sXKWOgO7SibCPllH5fFO8rkLFKxTf41tWbYqCSWSSSEY0tP5OT1gOW0YfPP
pa5Qh/bg7YrNZyV4iqosIcMrZOk=
=cQks
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com