var-201706-0569
Vulnerability from variot
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. The vendor has published this vulnerability as CSCvd73726. Arbitrary files could be overwritten or modified by a remote, authenticated attacker. Cisco StarOS is an operating system from Cisco Systems Inc. that runs on a series of routers such as the ASR 5000. Cisco StarOS has a remote security bypass vulnerability that a remote, authenticated attacker can exploit to modify arbitrary files. The vulnerability stems from the program's failure to fully validate input. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd73726. The record below scores the issue at CVSS v3.0 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N): exploitation requires a high-privileged account, and the rated impact is on integrity only.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0569", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asr 5000 software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "21.0.v0.65839" }, { "model": "asr 5000 software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "21.3.m0.67005" }, { "model": "asr series 21.3.m0.67005", "scope": 
"eq", "trust": 0.9, "vendor": "cisco", "version": "5000" }, { "model": "asr series", "scope": "eq", "trust": 0.9, "vendor": "cisco", "version": "500021.0.v0.65839" }, { "model": "asr 5000 series software", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "staros none", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "staros", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series 21.4.a0.67087", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "asr series 21.4.a0.67079", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "asr series 21.4.a0.67013", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "asr series 21.3.m0.67084", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "asr series 21.3.m0.67077", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "asr series 21.3.m0.66994", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "asr series 21.3.j0.66993", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.1.v0.67083" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.1.v0.67082" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "BID", "id": "98998" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "NVD", "id": "CVE-2017-6690" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_software:21.3.m0.67005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-6690" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "98998" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ], "trust": 0.9 }, "cve": "CVE-2017-6690", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": 
"AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-6690", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2017-13744", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-114893", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": 
null, "id": "CVE-2017-6690", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-6690", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-13744", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201706-433", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-114893", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "VULHUB", "id": "VHN-114893" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "NVD", "id": "CVE-2017-6690" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. Vendors report this vulnerability CSCvd73726 Published as.Arbitrary files could be overwritten or modified by a remotely authenticated attacker. CiscoStarOS is a set of operating systems operated by Cisco Systems Inc. in a series of routers such as 5000. CiscoStarOS has a remote security bypass vulnerability that can be exploited by remote authentication attackers to modify arbitrary files. The vulnerability stems from a failure of the program to fully validate the input. 
\nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvd73726", "sources": [ { "db": "NVD", "id": "CVE-2017-6690" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "BID", "id": "98998" }, { "db": "VULHUB", "id": "VHN-114893" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-6690", "trust": 3.4 }, { "db": "BID", "id": "98998", "trust": 2.6 }, { "db": "SECTRACK", "id": "1038634", "trust": 2.3 }, { "db": "JVNDB", "id": "JVNDB-2017-005142", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-433", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2017-13744", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-114893", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "VULHUB", "id": "VHN-114893" }, { "db": "BID", "id": "98998" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "NVD", "id": "CVE-2017-6690" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, "id": "VAR-201706-0569", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "VULHUB", "id": "VHN-114893" } ], "trust": 1.4134865099999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": 
"CNVD", "id": "CNVD-2017-13744" } ] }, "last_update_date": "2023-12-18T13:29:16.690000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20170607-staros", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-staros" }, { "title": "CiscoStarOS Remote Security Bypass Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/97798" }, { "title": "Cisco ASR 5000 Series Aggregated Services Routers StarOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70879" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-114893" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "NVD", "id": "CVE-2017-6690" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-staros" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/98998" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1038634" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6690" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2017-6690" }, { "trust": 0.6, "url": "http://securitytracker.com/id/1038634" }, { "trust": 0.3, "url": "http://www.cisco.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "VULHUB", "id": "VHN-114893" }, { "db": "BID", "id": "98998" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "NVD", "id": "CVE-2017-6690" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2017-13744" }, { "db": "VULHUB", "id": "VHN-114893" }, { "db": "BID", "id": "98998" }, { "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "db": "NVD", "id": "CVE-2017-6690" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-11T00:00:00", "db": "CNVD", "id": "CNVD-2017-13744" }, { "date": "2017-06-13T00:00:00", "db": "VULHUB", "id": "VHN-114893" }, { "date": "2017-06-07T00:00:00", "db": "BID", "id": "98998" }, { "date": "2017-07-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "date": "2017-06-13T06:29:01.550000", "db": "NVD", "id": "CVE-2017-6690" }, { "date": "2017-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-11T00:00:00", "db": "CNVD", "id": "CNVD-2017-13744" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-114893" }, { "date": "2017-06-07T00:00:00", "db": "BID", "id": "98998" }, { "date": "2017-07-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005142" }, { "date": "2019-10-03T00:03:26.223000", "db": "NVD", "id": "CVE-2017-6690" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-433" } ] }, 
"threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-433" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco ASR 5000 Series Aggregated Services Router Run on StarOS Vulnerabilities in arbitrary file overwriting in file check operation", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005142" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "98998" }, { "db": "CNNVD", "id": "CNNVD-201706-433" } ], "trust": 0.9 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.