cvelistv5 - CVE-2017-6714

CVE-2017-6714 (GCVE-0-2017-6714)

Vulnerability from cvelistv5 – Published: 2017-07-06 00:00 – Updated: 2024-08-05 15:41

Summary

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.

Severity ?

No CVSS data available.

CWE

CWE-78

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/99436	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Ultra Services Framework	Affected: Cisco Ultra Services Framework

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99436",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99436"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Ultra Services Framework",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Ultra Services Framework"
            }
          ]
        }
      ],
      "datePublic": "2017-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "99436",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99436"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6714",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Ultra Services Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Ultra Services Framework"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99436",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99436"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6714",
    "datePublished": "2017-07-06T00:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ultra_services_framework_staging_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.2\", \"matchCriteriaId\": \"991C1294-F10F-4CFB-BCB7-A17A4A07A57D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el servicio AutoIT de Staging Server del Framework Ultra Services de Cisco, podr\\u00eda permitir a un atacante remoto no autenticado ejecutar comandos shell arbitrarios como usuario root de Linux. La vulnerabilidad es debido a invocaciones shell inapropiadas. Un atacante podr\\u00eda explotar esta vulnerabilidad mediante la creaci\\u00f3n de entradas de comandos de la CLI para ejecutar comandos shell de Linux como usuario root. Esta vulnerabilidad afecta a todas las versiones de Staging Server de Ultra Services Framework anterior a las versiones 5.0.3 y 5.1 de Cisco. ID de BUG de Cisco: CSCvc76673.\"}]",
      "id": "CVE-2017-6714",
      "lastModified": "2024-11-21T03:30:21.860",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-06T00:29:00.553",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99436\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99436\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6714\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-07-06T00:29:00.553\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el servicio AutoIT de Staging Server del Framework Ultra Services de Cisco, podr\u00eda permitir a un atacante remoto no autenticado ejecutar comandos shell arbitrarios como usuario root de Linux. La vulnerabilidad es debido a invocaciones shell inapropiadas. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la creaci\u00f3n de entradas de comandos de la CLI para ejecutar comandos shell de Linux como usuario root. Esta vulnerabilidad afecta a todas las versiones de Staging Server de Ultra Services Framework anterior a las versiones 5.0.3 y 5.1 de Cisco. ID de BUG de Cisco: CSCvc76673.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_services_framework_staging_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.2\",\"matchCriteriaId\":\"991C1294-F10F-4CFB-BCB7-A17A4A07A57D\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99436\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99436\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-202

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Elastic Services Controller versions antérieures à 2.3.1.434 et 2.3.2
Cisco	N/A	Cisco StarOS pour le logiciel Virtualized Packet Core-Distributed Instance (VPC-DI)
Cisco	N/A	Cisco Ultra Services Framework versions antérieures à 5.0.3 et 5.1
Cisco	N/A	Cisco Ultra Services Framework Staging Server versions antérieures à 5.0.3 et 5.1
Cisco	N/A	Cisco StarOS pour le logiciel Virtualized Packet Core-Single Instance (VPC-SI)
Cisco	N/A	Cisco StarOS pour ASR 5000 Series, ASR 5500 Series, ASR 5700 Series
Cisco	N/A	Cisco Ultra Services Framework UAS versions antérieures à 5.0.3 et 5.1

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170705-usf3 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-esc2 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-asrcmd du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-usf1 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-uas du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-usf2 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-esc1 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-asrcmd du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-usf1 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-esc1 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-esc2 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-uas du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-usf2 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-usf3 du 05 juillet 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Elastic Services Controller versions ant\u00e9rieures \u00e0 2.3.1.434 et 2.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco StarOS pour le logiciel Virtualized Packet Core-Distributed Instance (VPC-DI)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Ultra Services Framework versions ant\u00e9rieures \u00e0 5.0.3 et 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Ultra Services Framework Staging Server versions ant\u00e9rieures \u00e0 5.0.3 et 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco StarOS pour le logiciel Virtualized Packet Core-Single Instance (VPC-SI)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco StarOS pour ASR 5000 Series, ASR 5500 Series, ASR 5700 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Ultra Services Framework UAS versions ant\u00e9rieures \u00e0 5.0.3 et 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6714"
    },
    {
      "name": "CVE-2017-6708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6708"
    },
    {
      "name": "CVE-2017-6713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6713"
    },
    {
      "name": "CVE-2017-6709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6709"
    },
    {
      "name": "CVE-2017-6712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6712"
    },
    {
      "name": "CVE-2017-6707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6707"
    },
    {
      "name": "CVE-2017-6711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6711"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-asrcmd du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf1 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc1 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc2 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-uas du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-uas"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf2 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf3 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
    }
  ],
  "reference": "CERTFR-2017-AVI-202",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf3 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc2 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-asrcmd du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf1 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-uas du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf2 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc1 du 05 juillet 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-202

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Elastic Services Controller versions antérieures à 2.3.1.434 et 2.3.2
Cisco	N/A	Cisco StarOS pour le logiciel Virtualized Packet Core-Distributed Instance (VPC-DI)
Cisco	N/A	Cisco Ultra Services Framework versions antérieures à 5.0.3 et 5.1
Cisco	N/A	Cisco Ultra Services Framework Staging Server versions antérieures à 5.0.3 et 5.1
Cisco	N/A	Cisco StarOS pour le logiciel Virtualized Packet Core-Single Instance (VPC-SI)
Cisco	N/A	Cisco StarOS pour ASR 5000 Series, ASR 5500 Series, ASR 5700 Series
Cisco	N/A	Cisco Ultra Services Framework UAS versions antérieures à 5.0.3 et 5.1

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170705-usf3 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-esc2 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-asrcmd du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-usf1 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-uas du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-usf2 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-esc1 du 05 juillet 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170705-asrcmd du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-usf1 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-esc1 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-esc2 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-uas du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-usf2 du 05 juillet 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170705-usf3 du 05 juillet 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Elastic Services Controller versions ant\u00e9rieures \u00e0 2.3.1.434 et 2.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco StarOS pour le logiciel Virtualized Packet Core-Distributed Instance (VPC-DI)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Ultra Services Framework versions ant\u00e9rieures \u00e0 5.0.3 et 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Ultra Services Framework Staging Server versions ant\u00e9rieures \u00e0 5.0.3 et 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco StarOS pour le logiciel Virtualized Packet Core-Single Instance (VPC-SI)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco StarOS pour ASR 5000 Series, ASR 5500 Series, ASR 5700 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Ultra Services Framework UAS versions ant\u00e9rieures \u00e0 5.0.3 et 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6714"
    },
    {
      "name": "CVE-2017-6708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6708"
    },
    {
      "name": "CVE-2017-6713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6713"
    },
    {
      "name": "CVE-2017-6709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6709"
    },
    {
      "name": "CVE-2017-6712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6712"
    },
    {
      "name": "CVE-2017-6707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6707"
    },
    {
      "name": "CVE-2017-6711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6711"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-asrcmd du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf1 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc1 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc2 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-uas du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-uas"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf2 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf3 du 05    juillet 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
    }
  ],
  "reference": "CERTFR-2017-AVI-202",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf3 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc2 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-asrcmd du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf1 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-uas du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-usf2 du 05 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170705-esc1 du 05 juillet 2017",
      "url": null
    }
  ]
}

VAR-201707-0924

Vulnerability from variot - Updated: 2023-12-18 12:57

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0924",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ultra services framework staging server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.0.2"
      },
      {
        "model": "ultra services framework staging server",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ultra services framework staging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.0.2"
      },
      {
        "model": "ultra services framework staging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "ultra services framework staging server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0.3"
      },
      {
        "model": "ultra services framework staging server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ultra_services_framework_staging_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "99436"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6714",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-6714",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114917",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6714",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6714",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-150",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114917",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6714",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673. This may aid in further attacks. AutoIT service is one of those services. The vulnerability comes from the fact that the program does not invoke the shell correctly",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "BID",
        "id": "99436"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6714"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6714",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "99436",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114917",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6714",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6714"
      },
      {
        "db": "BID",
        "id": "99436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "id": "VAR-201707-0924",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114917"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:57:19.055000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170705-usf3",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-usf3"
      },
      {
        "title": "Cisco Ultra Services Framework Staging Server AutoIT service Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71507"
      },
      {
        "title": "Cisco: Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170705-usf3"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-usf3"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/99436"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6714"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6714"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6714"
      },
      {
        "db": "BID",
        "id": "99436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6714"
      },
      {
        "db": "BID",
        "id": "99436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "date": "2017-07-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6714"
      },
      {
        "date": "2017-07-05T00:00:00",
        "db": "BID",
        "id": "99436"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "date": "2017-07-06T00:29:00.553000",
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114917"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6714"
      },
      {
        "date": "2017-07-05T00:00:00",
        "db": "BID",
        "id": "99436"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      },
      {
        "date": "2019-10-09T23:28:56.827000",
        "db": "NVD",
        "id": "CVE-2017-6714"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Ultra Services Framework Staging Server of  AutoIT In service  Linux root Vulnerability to execute arbitrary shell commands as a user",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005279"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-150"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-17018

Vulnerability from cnvd - Published: 2017-07-27

Title

Cisco Ultra Services Framework Staging Server任意命令执行漏洞

Description

Cisco Ultra是虚拟的、移动服务平台。 Cisco Ultra Services Framework Staging Server的AutoIT服务存在安全漏洞，由于未能正确的调用shell，未经身份验证的远程攻击者可利用漏洞以Linux root用户执行任意shell命令。

Severity

高

Patch Name

Cisco Ultra Services Framework Staging Server任意命令执行漏洞的补丁

Patch Description

Cisco Ultra是虚拟的、移动服务平台。 Cisco Ultra Services Framework Staging Server的AutoIT服务存在安全漏洞，由于未能正确的调用shell，未经身份验证的远程攻击者可利用漏洞以Linux root用户执行任意shell命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Cisco已经为此发布了一个安全公告（cisco-sa-20170705-usf3）以及相应补丁： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3

Reference

http://www.securityfocus.com/bid/99436

Impacted products

Name
Cisco Ultra Services Framework Staging Server 4.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99436"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6714"
    }
  },
  "description": "Cisco Ultra\u662f\u865a\u62df\u7684\u3001\u79fb\u52a8\u670d\u52a1\u5e73\u53f0\u3002\r\n\r\nCisco Ultra Services Framework Staging Server\u7684AutoIT\u670d\u52a1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8c03\u7528shell\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4ee5Linux root\u7528\u6237\u6267\u884c\u4efb\u610fshell\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "Cisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20170705-usf3\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-17018",
  "openTime": "2017-07-27",
  "patchDescription": "Cisco Ultra\u662f\u865a\u62df\u7684\u3001\u79fb\u52a8\u670d\u52a1\u5e73\u53f0\u3002\r\n\r\nCisco Ultra Services Framework Staging Server\u7684AutoIT\u670d\u52a1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8c03\u7528shell\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4ee5Linux root\u7528\u6237\u6267\u884c\u4efb\u610fshell\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Ultra Services Framework Staging Server\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Ultra Services Framework Staging Server 4.0"
  },
  "referenceLink": "http://www.securityfocus.com/bid/99436",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-07",
  "title": "Cisco Ultra Services Framework Staging Server\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

GSD-2017-6714

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6714

Aliases

CVE-2017-6714

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6714",
    "description": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.",
    "id": "GSD-2017-6714"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6714"
      ],
      "details": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.",
      "id": "GSD-2017-6714",
      "modified": "2023-12-13T01:21:09.437318Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6714",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Ultra Services Framework",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Ultra Services Framework"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-78"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99436",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99436"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ultra_services_framework_staging_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6714"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
            },
            {
              "name": "99436",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99436"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:28Z",
      "publishedDate": "2017-07-06T00:29Z"
    }
  }
}

GHSA-PCH2-25GV-RXQJ

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-06T00:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.",
  "id": "GHSA-pch2-25gv-rxqj",
  "modified": "2022-05-13T01:36:31Z",
  "published": "2022-05-13T01:36:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6714"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99436"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-6714

Vulnerability from fkie_nvd - Published: 2017-07-06 00:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/99436	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99436	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	ultra_services_framework_staging_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ultra_services_framework_staging_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "991C1294-F10F-4CFB-BCB7-A17A4A07A57D",
              "versionEndIncluding": "5.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servicio AutoIT de Staging Server del Framework Ultra Services de Cisco, podr\u00eda permitir a un atacante remoto no autenticado ejecutar comandos shell arbitrarios como usuario root de Linux. La vulnerabilidad es debido a invocaciones shell inapropiadas. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la creaci\u00f3n de entradas de comandos de la CLI para ejecutar comandos shell de Linux como usuario root. Esta vulnerabilidad afecta a todas las versiones de Staging Server de Ultra Services Framework anterior a las versiones 5.0.3 y 5.1 de Cisco. ID de BUG de Cisco: CSCvc76673."
    }
  ],
  "id": "CVE-2017-6714",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-06T00:29:00.553",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99436"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6714 (GCVE-0-2017-6714)

CERTFR-2017-AVI-202

Solution

CERTFR-2017-AVI-202

Solution

VAR-201707-0924

CNVD-2017-17018

GSD-2017-6714

GHSA-PCH2-25GV-RXQJ

FKIE_CVE-2017-6714

Tags

Sightings

Nomenclature