ID

VAR-201709-1174


CVE

CVE-2017-6795


TITLE

Cisco IOS XE Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008146

DESCRIPTION

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. Cisco IOS XE contains an input validation vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvf10783. Information may be tampered with. The Cisco ASR 920 Series Aggregation Services Routers are a series of multi-function routers from Cisco. Cisco IOS XE Software is one of the operating systems dedicated to network devices. A security vulnerability exists in the USB-modem code of IOS XE Software on Cisco ASR 920 Series Aggregation Services Routers, which stems from the program failing to validate input.

Trust: 2.52

sources: NVD: CVE-2017-6795 // JVNDB: JVNDB-2017-008146 // CNVD: CNVD-2017-32524 // BID: 100656 // VULHUB: VHN-114998

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32524

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.9

vendor: cisco, model: asr series aggregation services router fuji-16.8.1, scope: eq, version: 920

Trust: 0.9

vendor: cisco, model: asr series aggregation services router 15.6 s, scope: eq, version: 920

Trust: 0.9

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2017-32524 // BID: 100656 // JVNDB: JVNDB-2017-008146 // CNNVD: CNNVD-201703-526 // NVD: CVE-2017-6795

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6795
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6795
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-32524
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-526
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114998
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6795
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32524
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114998
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6795
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32524 // VULHUB: VHN-114998 // JVNDB: JVNDB-2017-008146 // CNNVD: CNNVD-201703-526 // NVD: CVE-2017-6795

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-114998 // JVNDB: JVNDB-2017-008146 // NVD: CVE-2017-6795

THREAT TYPE

local

Trust: 0.9

sources: BID: 100656 // CNNVD: CNNVD-201703-526

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 100656 // CNNVD: CNNVD-201703-526

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008146

PATCH

title: cisco-sa-20170906-asr920-2, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-2

Trust: 0.8

title: Cisco IOS XE Software arbitrary file coverage vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/104299

Trust: 0.6

sources: CNVD: CNVD-2017-32524 // JVNDB: JVNDB-2017-008146

EXTERNAL IDS

db: NVD, id: CVE-2017-6795

Trust: 3.4

db: BID, id: 100656

Trust: 2.6

db: SECTRACK, id: 1039282

Trust: 1.7

db: JVNDB, id: JVNDB-2017-008146

Trust: 0.8

db: CNNVD, id: CNNVD-201703-526

Trust: 0.7

db: CNVD, id: CNVD-2017-32524

Trust: 0.6

db: VULHUB, id: VHN-114998

Trust: 0.1

sources: CNVD: CNVD-2017-32524 // VULHUB: VHN-114998 // BID: 100656 // JVNDB: JVNDB-2017-008146 // CNNVD: CNNVD-201703-526 // NVD: CVE-2017-6795

REFERENCES

url:http://www.securityfocus.com/bid/100656

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-asr920-2

Trust: 2.0

url:http://www.securitytracker.com/id/1039282

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-6795

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6795

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-32524 // VULHUB: VHN-114998 // BID: 100656 // JVNDB: JVNDB-2017-008146 // CNNVD: CNNVD-201703-526 // NVD: CVE-2017-6795

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100656

SOURCES

db: CNVD, id: CNVD-2017-32524
db: VULHUB, id: VHN-114998
db: BID, id: 100656
db: JVNDB, id: JVNDB-2017-008146
db: CNNVD, id: CNNVD-201703-526
db: NVD, id: CVE-2017-6795

LAST UPDATE DATE

2024-11-23T22:30:39.620000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-32524, date: 2017-11-02T00:00:00
db: VULHUB, id: VHN-114998, date: 2019-10-09T00:00:00
db: BID, id: 100656, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-008146, date: 2017-10-10T00:00:00
db: CNNVD, id: CNNVD-201703-526, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6795, date: 2024-11-21T03:30:32.697

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-32524, date: 2017-11-02T00:00:00
db: VULHUB, id: VHN-114998, date: 2017-09-07T00:00:00
db: BID, id: 100656, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-008146, date: 2017-10-10T00:00:00
db: CNNVD, id: CNNVD-201703-526, date: 2017-03-14T00:00:00
db: NVD, id: CVE-2017-6795, date: 2017-09-07T21:29:00.957