ID

VAR-201708-1330


CVE

CVE-2017-6774


TITLE

Vulnerabilities related to authorization, privileges, and access control in Cisco ASR 5000 Series Aggregated Services Routers

Trust: 0.8

sources: JVNDB: JVNDB-2017-007258

DESCRIPTION

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. The vendor has published this vulnerability as Bug ID CSCvd47739. Information may be tampered with. Cisco ASR 5000 Series Aggregated Services Routers is Cisco's ASR 5000 series of integrated services router products. StarOS is the operating system that runs on them. This may aid in further attacks.

Trust: 2.52

sources: NVD: CVE-2017-6774 // JVNDB: JVNDB-2017-007258 // CNVD: CNVD-2017-22099 // BID: 100386 // VULHUB: VHN-114977

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-22099

AFFECTED PRODUCTS

vendor: cisco, model: asr 5000 software, scope: eq, version: 21.0.v0.65839

Trust: 1.6

vendor: cisco, model: asr 5000 series software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr series aggregated services routers, scope: eq, version: 500021.0.v0.65839

Trust: 0.6

vendor: cisco, model: staros, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: asr series, scope: eq, version: 500021.0.v0.65839

Trust: 0.3

sources: CNVD: CNVD-2017-22099 // BID: 100386 // JVNDB: JVNDB-2017-007258 // CNNVD: CNNVD-201708-788 // NVD: CVE-2017-6774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6774
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6774
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-22099
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-788
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114977
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6774
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-22099
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114977
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6774
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-22099 // VULHUB: VHN-114977 // JVNDB: JVNDB-2017-007258 // CNNVD: CNNVD-201708-788 // NVD: CVE-2017-6774

PROBLEMTYPE DATA

problemtype: CWE-552

Trust: 1.1

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-114977 // JVNDB: JVNDB-2017-007258 // NVD: CVE-2017-6774

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-788

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201708-788

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007258

PATCH

title: cisco-sa-20170816-staros2
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2

Trust: 0.8

title: Cisco ASR 5000 Series Aggregated Services Routers StarOS Patch for Any File Write Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/100498

Trust: 0.6

title: Cisco ASR 5000 Series Aggregated Services Routers StarOS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74105

Trust: 0.6

sources: CNVD: CNVD-2017-22099 // JVNDB: JVNDB-2017-007258 // CNNVD: CNNVD-201708-788

EXTERNAL IDS

db: NVD, id: CVE-2017-6774

Trust: 3.4

db: BID, id: 100386

Trust: 2.6

db: SECTRACK, id: 1039182

Trust: 1.7

db: JVNDB, id: JVNDB-2017-007258

Trust: 0.8

db: CNNVD, id: CNNVD-201708-788

Trust: 0.7

db: CNVD, id: CNVD-2017-22099

Trust: 0.6

db: VULHUB, id: VHN-114977

Trust: 0.1

sources: CNVD: CNVD-2017-22099 // VULHUB: VHN-114977 // BID: 100386 // JVNDB: JVNDB-2017-007258 // CNNVD: CNNVD-201708-788 // NVD: CVE-2017-6774

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-staros2

Trust: 2.0

url: http://www.securityfocus.com/bid/100386

Trust: 1.7

url: http://www.securitytracker.com/id/1039182

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-6774

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6774

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-22099 // VULHUB: VHN-114977 // BID: 100386 // JVNDB: JVNDB-2017-007258 // CNNVD: CNNVD-201708-788 // NVD: CVE-2017-6774

CREDITS

Cisco.

Trust: 0.3

sources: BID: 100386

SOURCES

db: CNVD, id: CNVD-2017-22099
db: VULHUB, id: VHN-114977
db: BID, id: 100386
db: JVNDB, id: JVNDB-2017-007258
db: CNNVD, id: CNNVD-201708-788
db: NVD, id: CVE-2017-6774

LAST UPDATE DATE

2024-11-23T22:17:49.668000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-22099, date: 2017-08-21T00:00:00
db: VULHUB, id: VHN-114977, date: 2019-10-03T00:00:00
db: BID, id: 100386, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007258, date: 2017-09-14T00:00:00
db: CNNVD, id: CNNVD-201708-788, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6774, date: 2024-11-21T03:30:30.070

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-22099, date: 2017-08-21T00:00:00
db: VULHUB, id: VHN-114977, date: 2017-08-17T00:00:00
db: BID, id: 100386, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007258, date: 2017-09-14T00:00:00
db: CNNVD, id: CNNVD-201708-788, date: 2017-08-18T00:00:00
db: NVD, id: CVE-2017-6774, date: 2017-08-17T20:29:00.557