Privilege escalation in Policy Suite - CVE-2017-6781
Published: August 17, 2017
Vulnerability identifier: #VU7978
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6781
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Policy Suite
Detailed vulnerability description
The vulnerability allows a local, authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances due to incorrect role-based access control (RBAC) for shell user accounts. A local attacker can authenticate to an affected appliance and provide specially crafted data via the CLI to gain elevated privileges.
How to mitigate CVE-2017-6781
Install the update from the vendor's website.