CVE-2017-6707
Severity Score
8.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.
Una vulnerabilidad en el código command-parsing de la CLI del sistema operativo StarOS de Cisco para dispositivos ASR 5000 Series versión 11.0 hasta 21.0, 5500 Series y 5700 Series de Cisco y el software Virtualized Packet Core (VPC) de Cisco, podría permitir a un atacante local autenticado interrumpir la CLI del StarOS de un sistema afectado y ejecutar comandos shell arbitrarios como usuario root de Linux en el sistema, también se conoce como Inyección de Comandos. La vulnerabilidad existe porque el sistema operativo afectado no hace un saneamiento de los comandos antes de insertarlos en los comandos shell de Linux. Un atacante podría explotar esta vulnerabilidad mediante el envío de un comando creado de la CLI para su ejecución en un comando shell de Linux como un usuario root. ID de Bug de Cisco: CSCvc69329, CSCvc72930.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-03-09 CVE Reserved
- 2017-07-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99462 | Vdb Entry | |
| http://www.securitytracker.com/id/1038818 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd | 2017-07-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 11.0_base Search vendor "Cisco" for product "Staros" and version "11.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 12.0.0 Search vendor "Cisco" for product "Staros" and version "12.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 12.1_base Search vendor "Cisco" for product "Staros" and version "12.1_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 12.2\(300\) Search vendor "Cisco" for product "Staros" and version "12.2\(300\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 12.2_base Search vendor "Cisco" for product "Staros" and version "12.2_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 14.0\(600\) Search vendor "Cisco" for product "Staros" and version "14.0\(600\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 14.0.0 Search vendor "Cisco" for product "Staros" and version "14.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 15.0\(912\) Search vendor "Cisco" for product "Staros" and version "15.0\(912\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 15.0\(935\) Search vendor "Cisco" for product "Staros" and version "15.0\(935\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 15.0\(938\) Search vendor "Cisco" for product "Staros" and version "15.0\(938\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 15.0_base Search vendor "Cisco" for product "Staros" and version "15.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 16.0\(900\) Search vendor "Cisco" for product "Staros" and version "16.0\(900\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 16.0.0 Search vendor "Cisco" for product "Staros" and version "16.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 16.1.0 Search vendor "Cisco" for product "Staros" and version "16.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 16.1.1 Search vendor "Cisco" for product "Staros" and version "16.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 16.1.2 Search vendor "Cisco" for product "Staros" and version "16.1.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 16.5.0 Search vendor "Cisco" for product "Staros" and version "16.5.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 16.5.2 Search vendor "Cisco" for product "Staros" and version "16.5.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 17.2.0 Search vendor "Cisco" for product "Staros" and version "17.2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 17.2.0.59184 Search vendor "Cisco" for product "Staros" and version "17.2.0.59184" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 17.3.0 Search vendor "Cisco" for product "Staros" and version "17.3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 17.3.1 Search vendor "Cisco" for product "Staros" and version "17.3.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 17.3_base Search vendor "Cisco" for product "Staros" and version "17.3_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 17.7.0 Search vendor "Cisco" for product "Staros" and version "17.7.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.0.0 Search vendor "Cisco" for product "Staros" and version "18.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.0.0.57828 Search vendor "Cisco" for product "Staros" and version "18.0.0.57828" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.0.0.59167 Search vendor "Cisco" for product "Staros" and version "18.0.0.59167" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.0.0.59211 Search vendor "Cisco" for product "Staros" and version "18.0.0.59211" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.0.l0.59219 Search vendor "Cisco" for product "Staros" and version "18.0.l0.59219" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.1.0 Search vendor "Cisco" for product "Staros" and version "18.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.1.0.59776 Search vendor "Cisco" for product "Staros" and version "18.1.0.59776" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.1.0.59780 Search vendor "Cisco" for product "Staros" and version "18.1.0.59780" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.1_base Search vendor "Cisco" for product "Staros" and version "18.1_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.3.0 Search vendor "Cisco" for product "Staros" and version "18.3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.3_base Search vendor "Cisco" for product "Staros" and version "18.3_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 18.4.0 Search vendor "Cisco" for product "Staros" and version "18.4.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.0.1 Search vendor "Cisco" for product "Staros" and version "19.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.0.m0.60737 Search vendor "Cisco" for product "Staros" and version "19.0.m0.60737" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.0.m0.60828 Search vendor "Cisco" for product "Staros" and version "19.0.m0.60828" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.0.m0.61045 Search vendor "Cisco" for product "Staros" and version "19.0.m0.61045" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.1.0 Search vendor "Cisco" for product "Staros" and version "19.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.1.0.61559 Search vendor "Cisco" for product "Staros" and version "19.1.0.61559" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.2.0 Search vendor "Cisco" for product "Staros" and version "19.2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 19.3.0 Search vendor "Cisco" for product "Staros" and version "19.3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.0 Search vendor "Cisco" for product "Staros" and version "20.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.1.0 Search vendor "Cisco" for product "Staros" and version "20.0.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.1.a0 Search vendor "Cisco" for product "Staros" and version "20.0.1.a0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.1.v0 Search vendor "Cisco" for product "Staros" and version "20.0.1.v0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.2.3 Search vendor "Cisco" for product "Staros" and version "20.0.2.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.2.3.65026 Search vendor "Cisco" for product "Staros" and version "20.0.2.3.65026" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.2.v1 Search vendor "Cisco" for product "Staros" and version "20.0.2.v1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.m0.62842 Search vendor "Cisco" for product "Staros" and version "20.0.m0.62842" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.m0.63229 Search vendor "Cisco" for product "Staros" and version "20.0.m0.63229" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 20.0.v0 Search vendor "Cisco" for product "Staros" and version "20.0.v0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 21.0.0 Search vendor "Cisco" for product "Staros" and version "21.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 21.0_base Search vendor "Cisco" for product "Staros" and version "21.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 21.0_m0.64246 Search vendor "Cisco" for product "Staros" and version "21.0_m0.64246" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | 21.0_m0.64702 Search vendor "Cisco" for product "Staros" and version "21.0_m0.64702" | - |
Affected
| ||||||