Details of VAR-201706-0569

ID

VAR-201706-0569

CVE

CVE-2017-6690

TITLE

Cisco ASR 5000 Series Aggregated Services Router Run on StarOS Vulnerabilities in arbitrary file overwriting in file check operation

Trust: 0.8

sources: JVNDB: JVNDB-2017-005142

DESCRIPTION

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. Vendors report this vulnerability CSCvd73726 Published as.Arbitrary files could be overwritten or modified by a remotely authenticated attacker. CiscoStarOS is a set of operating systems operated by Cisco Systems Inc. in a series of routers such as 5000. CiscoStarOS has a remote security bypass vulnerability that can be exploited by remote authentication attackers to modify arbitrary files. The vulnerability stems from a failure of the program to fully validate the input. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd73726

Trust: 2.52

sources: NVD: CVE-2017-6690 // JVNDB: JVNDB-2017-005142 // CNVD: CNVD-2017-13744 // BID: 98998 // VULHUB: VHN-114893

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-13744

AFFECTED PRODUCTS

vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	21.3.m0.67005	Trust: 1.6
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	21.0.v0.65839	Trust: 1.6
vendor:	cisco	model:	asr series 21.3.m0.67005	scope:	eq	version:	5000	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.0.v0.65839	Trust: 0.9
vendor:	cisco	model:	asr 5000 series software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	staros none	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	staros	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series 21.4.a0.67087	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.4.a0.67079	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.4.a0.67013	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.3.m0.67084	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.3.m0.67077	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.3.m0.66994	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series 21.3.j0.66993	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500021.1.v0.67083	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500021.1.v0.67082	Trust: 0.3

sources: CNVD: CNVD-2017-13744 // BID: 98998 // JVNDB: JVNDB-2017-005142 // CNNVD: CNNVD-201706-433 // NVD: CVE-2017-6690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6690
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6690
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-13744
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201706-433
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114893
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6690
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-13744
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114893
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6690
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-13744 // VULHUB: VHN-114893 // JVNDB: JVNDB-2017-005142 // CNNVD: CNNVD-201706-433 // NVD: CVE-2017-6690

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-114893 // JVNDB: JVNDB-2017-005142 // NVD: CVE-2017-6690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-433

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 98998 // CNNVD: CNNVD-201706-433

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005142

PATCH

title:	cisco-sa-20170607-staros	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros	Trust: 0.8
title:	CiscoStarOS Remote Security Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/97798	Trust: 0.6
title:	Cisco ASR 5000 Series Aggregated Services Routers StarOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70879	Trust: 0.6

sources: CNVD: CNVD-2017-13744 // JVNDB: JVNDB-2017-005142 // CNNVD: CNNVD-201706-433

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6690	Trust: 3.4
db:	BID	id:	98998	Trust: 2.6
db:	SECTRACK	id:	1038634	Trust: 2.3
db:	JVNDB	id:	JVNDB-2017-005142	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-433	Trust: 0.7
db:	CNVD	id:	CNVD-2017-13744	Trust: 0.6
db:	VULHUB	id:	VHN-114893	Trust: 0.1

sources: CNVD: CNVD-2017-13744 // VULHUB: VHN-114893 // BID: 98998 // JVNDB: JVNDB-2017-005142 // CNNVD: CNNVD-201706-433 // NVD: CVE-2017-6690

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-staros	Trust: 2.0
url:	http://www.securityfocus.com/bid/98998	Trust: 1.7
url:	http://www.securitytracker.com/id/1038634	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6690	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6690	Trust: 0.8
url:	http://securitytracker.com/id/1038634	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-13744 // VULHUB: VHN-114893 // BID: 98998 // JVNDB: JVNDB-2017-005142 // CNNVD: CNNVD-201706-433 // NVD: CVE-2017-6690

CREDITS

Cisco

Trust: 0.9

sources: BID: 98998 // CNNVD: CNNVD-201706-433

SOURCES

db:	CNVD	id:	CNVD-2017-13744
db:	VULHUB	id:	VHN-114893
db:	BID	id:	98998
db:	JVNDB	id:	JVNDB-2017-005142
db:	CNNVD	id:	CNNVD-201706-433
db:	NVD	id:	CVE-2017-6690

LAST UPDATE DATE

2024-11-23T22:42:10.255000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-13744	date:	2017-07-11T00:00:00
db:	VULHUB	id:	VHN-114893	date:	2019-10-03T00:00:00
db:	BID	id:	98998	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005142	date:	2017-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201706-433	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6690	date:	2024-11-21T03:30:18.840

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-13744	date:	2017-07-11T00:00:00
db:	VULHUB	id:	VHN-114893	date:	2017-06-13T00:00:00
db:	BID	id:	98998	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005142	date:	2017-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201706-433	date:	2017-06-14T00:00:00
db:	NVD	id:	CVE-2017-6690	date:	2017-06-13T06:29:01.550