Improper input validation in Cisco Ultra Services Framework - CVE-2017-6680
Published: June 8, 2017
Vulnerability identifier: #VU6980
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6680
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Ultra Services Framework
Cisco Ultra Services Framework
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to create arbitrary directories on the affected system.
The weakness exists in the AutoVNF logging function of Cisco Ultra Services Framework due to insufficient checks when creating directories on the system. A remote attacker can create arbitrary directories as root on the system, impact the behavior of other daemons and delete important log data.
Successful exploitation of the vulnerability may result in directory creation.
The weakness exists in the AutoVNF logging function of Cisco Ultra Services Framework due to insufficient checks when creating directories on the system. A remote attacker can create arbitrary directories as root on the system, impact the behavior of other daemons and delete important log data.
Successful exploitation of the vulnerability may result in directory creation.
How to mitigate CVE-2017-6680
Install update from vendor's website.