Resource exhaustion in Cisco Prime_data_center_network_manager

CVE-2017-6640

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. Th…

EPSS: 0.531 (98.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • Cisco Prime_data_center_network_manager — versions 10.1\(1\), 10.1\(2\), 10.1.0
  • N/a Cisco Prime Data Center Network Manager Server Static Credential Vulnerability — versions Cisco Prime Data Center Network Manager Server Static Credential Vulnerability

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2017-6640?
CVE-2017-6640 is a critical-severity vulnerability in Cisco Prime_data_center_network_manager, classified under CWE-264. CVSS score: 9.8/10. Published 2017-06-08.
How severe is CVE-2017-6640?
Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2017-6640 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.