var-201707-0918
Vulnerability from variot
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. Vendors have confirmed this vulnerability Bug ID CSCvc69329 and CSCvc72930 It is released as.Of an affected system by an authenticated local attacker. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to long-term evolution. StarOS is a set of Linux operating systems for it. Cisco StarOS is prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges. Cisco ASR 5500 Series and so on are the 5500 and other series router equipment of Cisco (Cisco)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0918", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "11.0_base", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "21.0_m0.64246", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "12.0.0", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "19.1.0.61559", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "12.2_base", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "21.0.0", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "12.2\\(300\\)", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "12.1_base", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "21.0_m0.64702", }, { model: "staros", scope: "eq", trust: 1.6, vendor: "cisco", version: "18.3.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "17.3_base", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "16.5.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.3_base", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "15.0\\(935\\)", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "14.0.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.1.0.59776", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.1.a0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.1_base", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "17.3.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "19.0.m0.60737", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.2.3.65026", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.1.v0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "19.0.m0.61045", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "17.3.1", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.4.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "19.0.m0.60828", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.0.l0.59219", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.0.0.59211", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.v0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "15.0\\(938\\)", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.1.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "16.1.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "15.0\\(912\\)", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "19.3.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.0.59184", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "16.0\\(900\\)", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.1.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.0.0.59167", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "16.5.2", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "19.1.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.2.v1", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "17.7.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.0.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.m0.63229", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.m0.62842", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(600\\)", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "16.1.2", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "16.1.1", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "16.0.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.0.0.57828", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "18.1.0.59780", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "19.0.1", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "19.2.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "21.0_base", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.0", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "20.0.2.3", }, { model: "staros", scope: "eq", trust: 1, vendor: "cisco", version: "15.0_base", }, { model: "asr series", scope: "eq", trust: 0.9, vendor: "cisco", version: "50000", }, { model: "asr series", scope: "eq", trust: 0.9, vendor: "cisco", version: "57000", }, { model: "asr series", scope: "eq", trust: 0.9, vendor: "cisco", version: "55000", }, { model: "virtualized packet core-single instance software", scope: "eq", trust: 0.9, vendor: "cisco", version: "0", }, { model: "virtualized packet core-distributed instance software", scope: "eq", trust: 0.9, vendor: "cisco", version: "0", }, { model: "staros", scope: "eq", trust: 0.9, vendor: "cisco", version: "0", }, { model: "staros", scope: null, trust: 0.8, vendor: "cisco", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22535", }, { db: "BID", id: "99462", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "NVD", id: "CVE-2017-6707", }, { db: "CNNVD", id: "CNNVD-201707-156", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:staros:11.0_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:12.2\\(300\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:14.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:16.0\\(900\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:16.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.1.0.59776:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.1.0.59780:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.0.m0.61045:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.1.a0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:21.0_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:21.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:12.1_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:12.2_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:15.0\\(938\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:16.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.1_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.0.m0.60737:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.0.m0.60828:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:16.5.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:17.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.m0.62842:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.v0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.m0.63229:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.3_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:12.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:15.0\\(912\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:15.0\\(935\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:17.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:17.2.0.59184:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.0.0.59211:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.0.0.57828:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:16.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.2.v1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.2.3.65026:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:17.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:17.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:14.0\\(600\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:15.0_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:16.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:16.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.0.l0.59219:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:18.0.0.59167:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:19.1.0.61559:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:20.0.1.v0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:17.3_base:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:21.0_m0.64246:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:staros:21.0_m0.64702:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-6707", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco", sources: [ { db: "BID", id: "99462", }, ], trust: 0.3, }, cve: "CVE-2017-6707", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.2, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2017-6707", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2017-22535", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "VHN-114910", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.5, impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-6707", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-6707", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2017-22535", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201707-156", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-114910", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22535", }, { db: "VULHUB", id: "VHN-114910", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "NVD", id: "CVE-2017-6707", }, { db: "CNNVD", id: "CNNVD-201707-156", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. Vendors have confirmed this vulnerability Bug ID CSCvc69329 and CSCvc72930 It is released as.Of an affected system by an authenticated local attacker. The Cisco ASR5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to long-term evolution. StarOS is a set of Linux operating systems for it. Cisco StarOS is prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges. Cisco ASR 5500 Series and so on are the 5500 and other series router equipment of Cisco (Cisco)", sources: [ { db: "NVD", id: "CVE-2017-6707", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "CNVD", id: "CNVD-2017-22535", }, { db: "BID", id: "99462", }, { db: "VULHUB", id: "VHN-114910", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-6707", trust: 3.4, }, { db: "BID", id: "99462", trust: 1.4, }, { db: "SECTRACK", id: "1038818", trust: 1.1, }, { db: "JVNDB", id: "JVNDB-2017-005318", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201707-156", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-22535", trust: 0.6, }, { db: "NSFOCUS", id: "37057", trust: 0.6, }, { db: "VULHUB", id: "VHN-114910", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22535", }, { db: "VULHUB", id: "VHN-114910", }, { db: "BID", id: "99462", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "NVD", id: "CVE-2017-6707", }, { db: "CNNVD", id: "CNNVD-201707-156", }, ], }, id: "VAR-201707-0918", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-22535", }, { db: "VULHUB", id: "VHN-114910", }, ], trust: 1.3137529166666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22535", }, ], }, last_update_date: "2023-12-18T13:08:44.973000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20170705-asrcmd", trust: 0.8, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-asrcmd", }, { title: "CiscoStarOSCLI Local Command Injection Vulnerability Patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/100664", }, { title: "Multiple Cisco product StarOS Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71510", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22535", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "CNNVD", id: "CNNVD-201707-156", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-114910", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "NVD", id: "CVE-2017-6707", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-asrcmd", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/99462", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1038818", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6707", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-6707", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/37057", }, { trust: 0.3, url: "http://www.cisco.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22535", }, { db: "VULHUB", id: "VHN-114910", }, { db: "BID", id: "99462", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "NVD", id: "CVE-2017-6707", }, { db: "CNNVD", id: "CNNVD-201707-156", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-22535", }, { db: "VULHUB", id: "VHN-114910", }, { db: "BID", id: "99462", }, { db: "JVNDB", id: "JVNDB-2017-005318", }, { db: "NVD", id: "CVE-2017-6707", }, { db: "CNNVD", id: "CNNVD-201707-156", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-08-23T00:00:00", db: "CNVD", id: "CNVD-2017-22535", }, { date: "2017-07-06T00:00:00", db: "VULHUB", id: "VHN-114910", }, { date: "2017-07-05T00:00:00", db: "BID", id: "99462", }, { date: "2017-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2017-005318", }, { date: "2017-07-06T00:29:00.177000", db: "NVD", id: "CVE-2017-6707", }, { date: "2017-07-11T00:00:00", db: "CNNVD", id: "CNNVD-201707-156", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-08-23T00:00:00", db: "CNVD", id: "CNVD-2017-22535", }, { date: "2017-07-08T00:00:00", db: "VULHUB", id: "VHN-114910", }, { date: "2017-07-05T00:00:00", db: "BID", id: "99462", }, { date: "2017-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2017-005318", }, { date: "2017-07-08T01:29:15.317000", db: "NVD", id: "CVE-2017-6707", }, { date: "2017-07-11T00:00:00", db: "CNNVD", id: "CNNVD-201707-156", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "99462", }, { db: "CNNVD", id: "CNNVD-201707-156", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Cisco ASR Series devices and Cisco Virtualized Packet Core For software Cisco StarOS Operating system CLI Of affected systems in command parsing code StarOS CLI Vulnerabilities isolated from", sources: [ { db: "JVNDB", id: "JVNDB-2017-005318", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-201707-156", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.