Sign-up

ID

VAR-201708-1329


CVE

CVE-2017-6773


TITLE

Cisco ASR 5000 Input validation vulnerability in the Aggregation Service Router of the series

Trust: 0.8

sources: JVNDB: JVNDB-2017-007257

DESCRIPTION

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd47722 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco ASR5000 Series AggregatedServicesRouters is the ASR5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. The CLI is one of the command line programs

Trust: 2.52

sources: NVD: CVE-2017-6773 // JVNDB: JVNDB-2017-007257 // CNVD: CNVD-2017-22100 // BID: 100376 // VULHUB: VHN-114976

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-22100

AFFECTED PRODUCTS

vendor:ciscomodel:asr 5000 softwarescope:eqversion:21.0.v0.65839

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:asr series aggregated services routersscope:eqversion:500021.0.v0.65839

Trust: 0.6

vendor:ciscomodel:starosscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:asr seriesscope:eqversion:500021.0.v0.65839

Trust: 0.3

sources: CNVD: CNVD-2017-22100 // BID: 100376 // JVNDB: JVNDB-2017-007257 // CNNVD: CNNVD-201708-787 // NVD: CVE-2017-6773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6773
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6773
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-22100
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-787
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114976
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6773
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-22100
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114976
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6773
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-22100 // VULHUB: VHN-114976 // JVNDB: JVNDB-2017-007257 // CNNVD: CNNVD-201708-787 // NVD: CVE-2017-6773

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-114976 // JVNDB: JVNDB-2017-007257 // NVD: CVE-2017-6773

THREAT TYPE

local

Trust: 0.9

sources: BID: 100376 // CNNVD: CNNVD-201708-787

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201708-787

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007257

PATCH
title:cisco-sa-20170816-staros1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1
Trust: 0.8
title:CiscoASR5000SeriesAggregatedServicesRoutersStarOS Security Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/100499
Trust: 0.6
title:Cisco ASR 5000 Series Aggregated Services Routers StarOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74104
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-22100 // 
            
            
            
            JVNDB: JVNDB-2017-007257 // 
            
            
            
            CNNVD: CNNVD-201708-787

EXTERNAL IDS
db:NVDid:CVE-2017-6773
Trust: 3.4
db:BIDid:100376
Trust: 2.0
db:SECTRACKid:1039181
Trust: 1.1
db:JVNDBid:JVNDB-2017-007257
Trust: 0.8
db:CNNVDid:CNNVD-201708-787
Trust: 0.7
db:CNVDid:CNVD-2017-22100
Trust: 0.6
db:NSFOCUSid:37454
Trust: 0.6
db:VULHUBid:VHN-114976
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-22100 // 
            
            
            
            VULHUB: VHN-114976 // 
            
            
            
            BID: 100376 // 
            
            
            
            JVNDB: JVNDB-2017-007257 // 
            
            
            
            CNNVD: CNNVD-201708-787 // 
            
            
            
            NVD: CVE-2017-6773

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-staros1
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2017-6773
Trust: 1.4
url:http://www.securityfocus.com/bid/100376
Trust: 1.1
url:http://www.securitytracker.com/id/1039181
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6773
Trust: 0.8
url:http://www.nsfocus.net/vulndb/37454
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-22100 // 
            
            
            
            VULHUB: VHN-114976 // 
            
            
            
            BID: 100376 // 
            
            
            
            JVNDB: JVNDB-2017-007257 // 
            
            
            
            CNNVD: CNNVD-201708-787 // 
            
            
            
            NVD: CVE-2017-6773

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 100376

SOURCES
db:CNVDid:CNVD-2017-22100
db:VULHUBid:VHN-114976
db:BIDid:100376
db:JVNDBid:JVNDB-2017-007257
db:CNNVDid:CNNVD-201708-787
db:NVDid:CVE-2017-6773

LAST UPDATE DATE
2024-11-23T22:45:36.681000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-22100date:2017-08-21T00:00:00
db:VULHUBid:VHN-114976date:2017-08-25T00:00:00
db:BIDid:100376date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007257date:2017-09-14T00:00:00
db:CNNVDid:CNNVD-201708-787date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6773date:2024-11-21T03:30:29.947

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-22100date:2017-08-21T00:00:00
db:VULHUBid:VHN-114976date:2017-08-17T00:00:00
db:BIDid:100376date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007257date:2017-09-14T00:00:00
db:CNNVDid:CNNVD-201708-787date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6773date:2017-08-17T20:29:00.527