Command injection in Cisco ASR 920 Series Routers - CVE-2017-6796
Published: September 7, 2017
Vulnerability identifier: #VU8151
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6796
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco ASR 920 Series Routers
Cisco ASR 920 Series Routers
Detailed vulnerability description
The vulnerability allows a local attacker to execute arbitrary commands on the affected device.
The weakness exists due to improper input validation of the platform usb modem command in the CLI. A local attacker can modify the platform usb modem command in the CLI to inject and execute arbitrary commands.
Successful exploitation of the vulnerability nay result in system compromise.
The weakness exists due to improper input validation of the platform usb modem command in the CLI. A local attacker can modify the platform usb modem command in the CLI to inject and execute arbitrary commands.
Successful exploitation of the vulnerability nay result in system compromise.
How to mitigate CVE-2017-6796
Update to version 16.7(0.94).