Command Injection Vulnerability in Cisco StarOS for ASR and 5500 Series
CVE-2017-6707
8.2 HIGH
Summary
A vulnerability exists within the CLI command-parsing functionality of the Cisco StarOS operating system that enables an authenticated local attacker to execute arbitrary shell commands with root privileges. This occurs due to inadequate sanitization of commands before they are executed in a Linux shell environment. By supplying specially crafted CLI commands, attackers can bypass security measures, gaining control over the system and potentially compromising sensitive data. It is crucial for affected users to apply recommended updates and patches to mitigate this vulnerability.
Affected Version(s)
Cisco StarOS
CVSS V3.1
Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved