Privilege escalation in Cisco IOS XR - CVE-2017-6718

 


Published: June 22, 2017


Vulnerability identifier: #VU7178
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6718
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XR

Detailed vulnerability description

The vulnerability allows a local authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists in the CLI of Cisco IOS XR Software due to incorrect permission settings on binary files. A local attacker can send specially crafted commands to the affected device, overwrite binaries on the filesystem and gain root privileges.

Successful exploitation of the vulnerability results in privilege escalation.


How to mitigate CVE-2017-6718

Install the update from the vendor's website.
