{ "id": "CVE-2017-6714", "sourceIdentifier": "ykramarz@cisco.com", "published": "2017-07-06T00:29:00.553", "lastModified": "2019-10-09T23:28:56.827", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673." }, { "lang": "es", "value": "Una vulnerabilidad en el servicio AutoIT de Staging Server del Framework Ultra Services de Cisco podr\u00eda permitir a un atacante remoto no autenticado ejecutar comandos shell arbitrarios como usuario root de Linux. La vulnerabilidad se debe a invocaciones shell inapropiadas. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la creaci\u00f3n de entradas de comandos de la CLI para ejecutar comandos shell de Linux como usuario root. Esta vulnerabilidad afecta a todas las versiones de Staging Server de Ultra Services Framework anteriores a las versiones 5.0.3 y 5.1 de Cisco. ID de BUG de Cisco: CSCvc76673." 
} ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-78" } ] }, { "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-78" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:ultra_services_framework_staging_server:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.0.2", "matchCriteriaId": "991C1294-F10F-4CFB-BCB7-A17A4A07A57D" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/99436", "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }