Main Vulnerability Database SB2017081707

SB2017081707 - Privilege escalation in Cisco Policy Suite

Published: August 17, 2017

Security Bulletin ID SB2017081707

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2017-6781)

The vulnerability allows a local, authenticated attacker to gain elevated privileges on the target system.

The weakness exists in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances due to incorrect role-based access control (RBAC) for shell user accounts. A local attacker can authenticate to an affected appliance and provide a specially crafted data via the CLI to gain elevated privileges.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps