OS command injection in Cisco Ultra Services Framework - CVE-2017-6714
Published: July 6, 2017
Vulnerability identifier: #VU7341
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6714
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Ultra Services Framework
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary shell commands.
The vulnerability exists in the AutoIT service of Cisco Ultra Services Framework Staging Server due to improper shell invocations. A remote attacker can use specially crafted CLI commands to execute Linux shell commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-6714
The vulnerability is addressed in the following versions:
5.0.3, 5.1.