var-201709-1175
Vulnerability from variot
A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. Vendors have confirmed this vulnerability Bug ID CSCve48949 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco ASR920 Series Aggregation Services Routers is the ASR920 series of multi-function routers from Cisco. Cisco IOSXESoftware is one of the operating systems dedicated to network devices. The IOSXESoftware USB-modem code in Cisco ASR920 Series AggregationServicesRouters has an arbitrary command execution vulnerability that stems from a program failing to perform input validation correctly. Failed attempts may lead to denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr series aggregation services router 15.6 s",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "920"
},
{
"model": "ios xe",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr series aggregation services router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "92016.7(0.94)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "BID",
"id": "100647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6796"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100647"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6796",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6796",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-32519",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-114999",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6796",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6796",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-32519",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114999",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-6796",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "VULHUB",
"id": "VHN-114999"
},
{
"db": "VULMON",
"id": "CVE-2017-6796"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. Vendors have confirmed this vulnerability Bug ID CSCve48949 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco ASR920 Series Aggregation Services Routers is the ASR920 series of multi-function routers from Cisco. Cisco IOSXESoftware is one of the operating systems dedicated to network devices. The IOSXESoftware USB-modem code in Cisco ASR920 Series AggregationServicesRouters has an arbitrary command execution vulnerability that stems from a program failing to perform input validation correctly. Failed attempts may lead to denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "BID",
"id": "100647"
},
{
"db": "VULHUB",
"id": "VHN-114999"
},
{
"db": "VULMON",
"id": "CVE-2017-6796"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6796",
"trust": 3.5
},
{
"db": "BID",
"id": "100647",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1039281",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-32519",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114999",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6796",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "VULHUB",
"id": "VHN-114999"
},
{
"db": "VULMON",
"id": "CVE-2017-6796"
},
{
"db": "BID",
"id": "100647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"id": "VAR-201709-1175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "VULHUB",
"id": "VHN-114999"
}
],
"trust": 1.3863187849999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
}
]
},
"last_update_date": "2023-12-18T13:34:07.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170906-asr920-1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-asr920-1"
},
{
"title": "Cisco IOSXESoftware Command Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/104301"
},
{
"title": "Cisco ASR 920 Series Aggregation Services Routers IOS XE Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99677"
},
{
"title": "Cisco: Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary Command Execution Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170906-asr920-1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "VULMON",
"id": "CVE-2017-6796"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114999"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "NVD",
"id": "CVE-2017-6796"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/100647"
},
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-asr920-1"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1039281"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6796"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6796"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "VULHUB",
"id": "VHN-114999"
},
{
"db": "VULMON",
"id": "CVE-2017-6796"
},
{
"db": "BID",
"id": "100647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"db": "VULHUB",
"id": "VHN-114999"
},
{
"db": "VULMON",
"id": "CVE-2017-6796"
},
{
"db": "BID",
"id": "100647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"date": "2017-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-114999"
},
{
"date": "2017-09-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6796"
},
{
"date": "2017-09-06T00:00:00",
"db": "BID",
"id": "100647"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"date": "2017-09-07T21:29:01.007000",
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"date": "2017-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32519"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114999"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6796"
},
{
"date": "2017-09-06T00:00:00",
"db": "BID",
"id": "100647"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007991"
},
{
"date": "2019-10-09T23:29:18.310000",
"db": "NVD",
"id": "CVE-2017-6796"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "100647"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 920 Operates on the Series Aggregation Service Router Cisco IOS XE In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007991"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-525"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.