Two vulnerabilities in Cisco ASR 5000 Series
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-6729 CVE-2017-6707 |
| CWE-ID | CWE-20 CWE-78 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco ASR 5000 Series Hardware solutions / Firmware |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Denial of service
EUVDB-ID: #VU7369
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6729
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition.
The weakness exists in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software due to improper boundary controls for the BGP peering sessions list. A remote attacker can send specially crafted TCP packets to an IPv4 or IPv6 interface and cause the BGP process to reload.
Successful exploitation of the vulnerability results in denial of service.
The vulnerability is addressed in the following versions:
21.3.A0.65902, 21.2.A0.65905, 21.1.b0.66164, 21.1.V0.66014, 21.1.R0.65898, 21.1.M0.65894, 21.1.0.66030, 21.1.0.
Cisco ASR 5000 Series: 16.4.1 - 21.1.M0.65824
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-staros
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) OS command injection
EUVDB-ID: #VU7370
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6707
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary shell commands.
The weakness exists in the CLI command-parsing code of the Cisco StarOS operating system due to insufficient sanitization of commands before inserting them into Linux shell commands. A local attacker can break from the StarOS CLI, submit and execute a specially crafted CLI command with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The vulnerability is addressed in the following versions:
21.3.A0.66618, 21.3.A0.66178, 21.3.A0.66153, 21.3.A0.66135, 21.2.R0.66287, 21.2.M0.66444, 21.2.M0.66307, 21.2.M0.66249, 21.2.M0.66176, 21.2.M0.66149, 21.2.M0.66133, 21.2.0.66846, 21.2.0, 21.1.b0.66191, 21.1.V0.66492, 21.1.1.66446, 21.1.1, 21.1.0.66154, 21.1.0.66134, 21.1.0, 20.3.T0.66312, 20.3.T0.66236, 20.3.T0.66216, 20.3.T0.66156, 20.3.M0.66295, 20.3.M0.66234, 20.3.M0.66214, 20.3.M0.66152, 20.2.9.66292, 20.2.9.66232, 20.2.9, 20.2.8.66212, 20.2.8.66150, 20.2.8, 19.7.M0.67048, 19.6.5.67047, 19.6.5, 18.7.6.67108, 18.7.6.
Cisco ASR 5000 Series: 18.7.6 - 21.1.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
