Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.

Published

2017-07-06T00:29:00.177

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	staros	11.0_base	Yes
Operating System	cisco	staros	12.0.0	Yes
Operating System	cisco	staros	12.1_base	Yes
Operating System	cisco	staros	12.2\(300\)	Yes
Operating System	cisco	staros	12.2_base	Yes
Operating System	cisco	staros	14.0\(600\)	Yes
Operating System	cisco	staros	14.0.0	Yes
Operating System	cisco	staros	15.0\(912\)	Yes
Operating System	cisco	staros	15.0\(935\)	Yes
Operating System	cisco	staros	15.0\(938\)	Yes
Operating System	cisco	staros	15.0_base	Yes
Operating System	cisco	staros	16.0\(900\)	Yes
Operating System	cisco	staros	16.0.0	Yes
Operating System	cisco	staros	16.1.0	Yes
Operating System	cisco	staros	16.1.1	Yes
Operating System	cisco	staros	16.1.2	Yes
Operating System	cisco	staros	16.5.0	Yes
Operating System	cisco	staros	16.5.2	Yes
Operating System	cisco	staros	17.2.0	Yes
Operating System	cisco	staros	17.2.0.59184	Yes
Operating System	cisco	staros	17.3.0	Yes
Operating System	cisco	staros	17.3.1	Yes
Operating System	cisco	staros	17.3_base	Yes
Operating System	cisco	staros	17.7.0	Yes
Operating System	cisco	staros	18.0.0	Yes
Operating System	cisco	staros	18.0.0.57828	Yes
Operating System	cisco	staros	18.0.0.59167	Yes
Operating System	cisco	staros	18.0.0.59211	Yes
Operating System	cisco	staros	18.0.l0.59219	Yes
Operating System	cisco	staros	18.1.0	Yes
Operating System	cisco	staros	18.1.0.59776	Yes
Operating System	cisco	staros	18.1.0.59780	Yes
Operating System	cisco	staros	18.1_base	Yes
Operating System	cisco	staros	18.3.0	Yes
Operating System	cisco	staros	18.3_base	Yes
Operating System	cisco	staros	18.4.0	Yes
Operating System	cisco	staros	19.0.1	Yes
Operating System	cisco	staros	19.0.m0.60737	Yes
Operating System	cisco	staros	19.0.m0.60828	Yes
Operating System	cisco	staros	19.0.m0.61045	Yes
Operating System	cisco	staros	19.1.0	Yes
Operating System	cisco	staros	19.1.0.61559	Yes
Operating System	cisco	staros	19.2.0	Yes
Operating System	cisco	staros	19.3.0	Yes
Operating System	cisco	staros	20.0.0	Yes
Operating System	cisco	staros	20.0.1.0	Yes
Operating System	cisco	staros	20.0.1.a0	Yes
Operating System	cisco	staros	20.0.1.v0	Yes
Operating System	cisco	staros	20.0.2.3	Yes
Operating System	cisco	staros	20.0.2.3.65026	Yes
Operating System	cisco	staros	20.0.2.v1	Yes
Operating System	cisco	staros	20.0.m0.62842	Yes
Operating System	cisco	staros	20.0.m0.63229	Yes
Operating System	cisco	staros	20.0.v0	Yes
Operating System	cisco	staros	21.0.0	Yes
Operating System	cisco	staros	21.0_base	Yes
Operating System	cisco	staros	21.0_m0.64246	Yes
Operating System	cisco	staros	21.0_m0.64702	Yes

References

http://www.securityfocus.com/bid/99462 ([email protected])
http://www.securitytracker.com/id/1038818 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/99462 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038818 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)