OS command injection in Virtual Network Function Element Manager - CVE-2017-6710
Published: August 17, 2017
Vulnerability identifier: #VU7980
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6710
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Virtual Network Function Element Manager
Virtual Network Function Element Manager
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the Cisco Virtual Network Function (VNF) Element Manager due to improper command settings. A remote attacker can use this settings to elevate privileges and run commands in the context of the root user on the server.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the Cisco Virtual Network Function (VNF) Element Manager due to improper command settings. A remote attacker can use this settings to elevate privileges and run commands in the context of the root user on the server.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-6710
The vulnerability is addressed in the following versions: USP_5.5.0.1148, USP_5.5.0.1143, USP_5.5.0.1139, USP_5.5.0.1136, USP_5.5.0.1126, USP_5.5.0.1124, USP_5.5.0.1122, USP_5.5.0.1118, USP_5.5.0.1115, USP_5.5.0.1114, USP_5.5.0.1108, USP_5.5.0.1106, USP_5.5.0.1103, USP_5.5.0.1098, USP_5.5.0.1094, USP_5.5.0.1089.