ID

VAR-201708-1331


CVE

CVE-2017-6775


TITLE

Permissions, privileges, and access control vulnerability in Cisco ASR 5000 Series Aggregated Services Routers

Trust: 0.8

sources: JVNDB: JVNDB-2017-007259

DESCRIPTION

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839. The vendor has released this vulnerability as Bug ID CSCvd47741. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Cisco ASR 5000 Series Aggregated Services Routers is the ASR 5000 series of integrated services router products from Cisco. StarOS is the operating system running on them. The CLI is one of its command-line programs. The StarOS CLI in Cisco ASR 5000 Series Aggregated Services Routers 21.0.v0.65839 has a privilege elevation vulnerability that stems from the program failing to assign the correct permissions to the user.

Trust: 2.52

sources: NVD: CVE-2017-6775 // JVNDB: JVNDB-2017-007259 // CNVD: CNVD-2017-22098 // BID: 100381 // VULHUB: VHN-114978

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-22098

AFFECTED PRODUCTS

vendor: cisco, model: asr 5000 software, scope: eq, version: 21.0.v0.65839

Trust: 1.6

vendor: cisco, model: asr 5000 series software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr series aggregated services routers, scope: eq, version: 500021.0.v0.65839

Trust: 0.6

vendor: cisco, model: staros, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: asr series, scope: eq, version: 500021.0.v0.65839

Trust: 0.3

sources: CNVD: CNVD-2017-22098 // BID: 100381 // JVNDB: JVNDB-2017-007259 // CNNVD: CNNVD-201708-789 // NVD: CVE-2017-6775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6775
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6775
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-22098
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-789
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114978
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6775
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-22098
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114978
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6775
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.5
impactScore: 3.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-22098 // VULHUB: VHN-114978 // JVNDB: JVNDB-2017-007259 // CNNVD: CNNVD-201708-789 // NVD: CVE-2017-6775

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-114978 // JVNDB: JVNDB-2017-007259 // NVD: CVE-2017-6775

THREAT TYPE

local

Trust: 0.9

sources: BID: 100381 // CNNVD: CNNVD-201708-789

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201708-789

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007259

PATCH

title: cisco-sa-20170816-staros3, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3

Trust: 0.8

title: Patch for Cisco ASR 5000 Series Aggregated Services Routers StarOS Privilege Escalation Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/100497

Trust: 0.6

title: Cisco ASR 5000 Series Aggregated Services Routers StarOS Fixes for permissions and access control vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74106

Trust: 0.6

sources: CNVD: CNVD-2017-22098 // JVNDB: JVNDB-2017-007259 // CNNVD: CNNVD-201708-789

EXTERNAL IDS

db: NVD, id: CVE-2017-6775

Trust: 3.4

db: BID, id: 100381

Trust: 2.6

db: SECTRACK, id: 1039183

Trust: 1.7

db: JVNDB, id: JVNDB-2017-007259

Trust: 0.8

db: CNNVD, id: CNNVD-201708-789

Trust: 0.7

db: CNVD, id: CNVD-2017-22098

Trust: 0.6

db: VULHUB, id: VHN-114978

Trust: 0.1

sources: CNVD: CNVD-2017-22098 // VULHUB: VHN-114978 // BID: 100381 // JVNDB: JVNDB-2017-007259 // CNNVD: CNNVD-201708-789 // NVD: CVE-2017-6775

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-staros3

Trust: 2.0

url: http://www.securityfocus.com/bid/100381

Trust: 1.7

url: http://www.securitytracker.com/id/1039183

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-6775

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6775

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-22098 // VULHUB: VHN-114978 // BID: 100381 // JVNDB: JVNDB-2017-007259 // CNNVD: CNNVD-201708-789 // NVD: CVE-2017-6775

CREDITS

Cisco

Trust: 0.3

sources: BID: 100381

SOURCES

db: CNVD, id: CNVD-2017-22098
db: VULHUB, id: VHN-114978
db: BID, id: 100381
db: JVNDB, id: JVNDB-2017-007259
db: CNNVD, id: CNNVD-201708-789
db: NVD, id: CVE-2017-6775

LAST UPDATE DATE

2024-11-23T22:07:17.208000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-22098, date: 2017-08-21T00:00:00
db: VULHUB, id: VHN-114978, date: 2019-10-03T00:00:00
db: BID, id: 100381, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007259, date: 2017-09-14T00:00:00
db: CNNVD, id: CNNVD-201708-789, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6775, date: 2024-11-21T03:30:30.197

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-22098, date: 2017-08-21T00:00:00
db: VULHUB, id: VHN-114978, date: 2017-08-17T00:00:00
db: BID, id: 100381, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007259, date: 2017-09-14T00:00:00
db: CNNVD, id: CNNVD-201708-789, date: 2017-08-18T00:00:00
db: NVD, id: CVE-2017-6775, date: 2017-08-17T20:29:00.590