File Modification Vulnerability in Cisco ASR 5000 Series Routers
CVE-2017-6774

5MEDIUM

Key Information:

Vendor
Cisco
Status
Staros For Asr 5000 Series Aggregated Services Routers
Vendor
CVE Published:
17 August 2017

Summary

A vulnerability exists in the Cisco ASR 5000 Series Aggregated Services Routers running Cisco StarOS, which allows an authenticated remote attacker to manipulate sensitive system files. The issue arises from the improper configuration of FTP, leading to the potential for overwriting critical configuration files. Attackers can exploit this flaw to alter settings and potentially destabilize system operations, impacting overall network security.

Affected Version(s)

StarOS for ASR 5000 Series Aggregated Services Routers 21.0.v0.65839

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/100386
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039182
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.