Local Privilege Escalation Vulnerability in Cisco Policy Suite Software
CVE-2017-6623

7.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Policy Suite
Vendor
CVE Published:
18 May 2017

Summary

A vulnerability exists in the Cisco Policy Suite Software that allows authenticated local attackers to escalate their privileges to root level. This stems from incorrect sudoers permissions assigned to a specific script file within the software distribution. By leveraging crafted inputs at the command line interface (CLI), an attacker with valid credentials can exploit this issue to gain full control over the CPS appliance. This particularly affects users utilizing Cisco Policy Suite versions 10.0.0, 10.1.0, and 11.0.0, who may be at risk of unauthorized root-level access.

Affected Version(s)

Cisco Policy Suite Cisco Policy Suite

References

http://www.securityfocus.com/bid/98521
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.