Privilege escalation in Cisco Prime Network - CVE-2017-6732
Published: July 6, 2017
Vulnerability identifier: #VU7362
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6732
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Network
Cisco Prime Network
Detailed vulnerability description
The vulnerability allows a local authenticated attacker to gain elevated privileges.
The weakness exists due to the use of incorrect installation and permission settings for binary files when Cisco Prime Network is installed on a device. A local attacker can gain root privileges on the target system.
Successful exploitation of the vulnerability results in full control over the system.
The weakness exists due to the use of incorrect installation and permission settings for binary files when Cisco Prime Network is installed on a device. A local attacker can gain root privileges on the target system.
Successful exploitation of the vulnerability results in full control over the system.
How to mitigate CVE-2017-6732
Update to version 4.3(2).