var-201708-1330
Vulnerability from variot
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd47739 It is released as.Information may be tampered with. Cisco ASR5000 Series AggregatedServicesRouters is the ASR5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1330", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "asr 5000 software", scope: "eq", trust: 1.6, vendor: "cisco", version: "21.0.v0.65839", }, { model: "asr 5000 series software", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "asr series aggregated services routers", scope: "eq", trust: 0.6, vendor: "cisco", version: "500021.0.v0.65839", }, { model: "staros", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "asr series", scope: "eq", trust: 0.3, vendor: "cisco", version: "500021.0.v0.65839", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22099", }, { db: "BID", id: "100386", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "NVD", id: "CVE-2017-6774", }, { db: "CNNVD", id: "CNNVD-201708-788", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-6774", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco.", sources: [ { db: "BID", id: "100386", }, ], trust: 0.3, }, cve: "CVE-2017-6774", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-6774", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CNVD-2017-22099", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "VHN-114977", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.1, impactScore: 1.4, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-6774", impactScore: null, integrityImpact: "Low", privilegesRequired: "Low", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-6774", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2017-22099", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201708-788", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-114977", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22099", }, { db: "VULHUB", id: "VHN-114977", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "NVD", id: "CVE-2017-6774", }, { db: "CNNVD", id: "CNNVD-201708-788", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd47739 It is released as.Information may be tampered with. Cisco ASR5000 Series AggregatedServicesRouters is the ASR5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. This may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2017-6774", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "CNVD", id: "CNVD-2017-22099", }, { db: "BID", id: "100386", }, { db: "VULHUB", id: "VHN-114977", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-6774", trust: 3.4, }, { db: "BID", id: "100386", trust: 2.6, }, { db: "SECTRACK", id: "1039182", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2017-007258", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201708-788", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-22099", trust: 0.6, }, { db: "VULHUB", id: "VHN-114977", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22099", }, { db: "VULHUB", id: "VHN-114977", }, { db: "BID", id: "100386", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "NVD", id: "CVE-2017-6774", }, { db: "CNNVD", id: "CNNVD-201708-788", }, ], }, id: "VAR-201708-1330", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-22099", }, { db: "VULHUB", id: "VHN-114977", }, ], trust: 1.4134865099999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22099", }, ], }, last_update_date: "2023-12-18T12:57:17.347000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20170816-staros2", trust: 0.8, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-staros2", }, { title: "CiscoASR5000SeriesAggregatedServicesRoutersStarOS Patch for Any File Write Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/100498", }, { title: "Cisco ASR 5000 Series Aggregated Services Routers StarOS Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74105", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22099", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "CNNVD", id: "CNNVD-201708-788", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-552", trust: 1.1, }, { problemtype: "CWE-264", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-114977", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "NVD", id: "CVE-2017-6774", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-staros2", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/100386", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1039182", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-6774", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6774", }, { trust: 0.3, url: "http://www.cisco.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-22099", }, { db: "VULHUB", id: "VHN-114977", }, { db: "BID", id: "100386", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "NVD", id: "CVE-2017-6774", }, { db: "CNNVD", id: "CNNVD-201708-788", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-22099", }, { db: "VULHUB", id: "VHN-114977", }, { db: "BID", id: "100386", }, { db: "JVNDB", id: "JVNDB-2017-007258", }, { db: "NVD", id: "CVE-2017-6774", }, { db: "CNNVD", id: "CNNVD-201708-788", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-08-21T00:00:00", db: "CNVD", id: "CNVD-2017-22099", }, { date: "2017-08-17T00:00:00", db: "VULHUB", id: "VHN-114977", }, { date: "2017-08-16T00:00:00", db: "BID", id: "100386", }, { date: "2017-09-14T00:00:00", db: "JVNDB", id: "JVNDB-2017-007258", }, { date: "2017-08-17T20:29:00.557000", db: "NVD", id: "CVE-2017-6774", }, { date: "2017-08-18T00:00:00", db: "CNNVD", id: "CNNVD-201708-788", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-08-21T00:00:00", db: "CNVD", id: "CNVD-2017-22099", }, { date: "2019-10-03T00:00:00", db: "VULHUB", id: "VHN-114977", }, { date: "2017-08-16T00:00:00", db: "BID", id: "100386", }, { date: "2017-09-14T00:00:00", db: "JVNDB", id: "JVNDB-2017-007258", }, { date: "2019-10-03T00:03:26.223000", db: "NVD", id: "CVE-2017-6774", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201708-788", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201708-788", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco ASR 5000 Vulnerabilities related to authorization, authority, and access control in Aggregation Service Router", sources: [ { db: "JVNDB", id: "JVNDB-2017-007258", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control issues", sources: [ { db: "CNNVD", id: "CNNVD-201708-788", }, ], trust: 0.6, }, }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.