OS command injection in Elastic Services Controller - CVE-2017-6712
Published: July 6, 2017
Vulnerability identifier: #VU7368
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2017-6712
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software: Elastic Services Controller
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists in certain commands of Cisco Elastic Services Controller. A remote attacker can overwrite any file on the filesystem, gain root privileges and run dangerous shell commands on the server.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-6712
The vulnerability is addressed in the following versions:
2.3.1.434, 2.3.2.