CVE-2017-6775

Severity Score

5.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839.

Una vulnerabilidad en el CLI de Cisco ASR 5000 Series Aggregated Services Routers ejecutando el sistema operativo Cisco StarOS podría permitir que un atacante local autenticado eleve sus privilegios hasta el nivel de administrador. Esta vulnerabilidad se debe a permisos incorrectos que son entregados a un conjunto de usuarios. Un atacante podría explotar esta vulnerabilidad iniciando sesión en la shell de un dispositivo afectado y elevando sus privilegios modificando variables de entorno. Un exploit podría permitir que el atacante obtenga privilegios de nivel administrativo y obtenga el control del dispositivo afectado. Cisco Bug IDs: CSCvd47741. Versiones afectadas conocidas: 21.0.v0.65839.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-03-09 CVE Reserved
2017-08-17 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/100381	Third Party Advisory
http://www.securitytracker.com/id/1039183	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Asr 5000 Software Search vendor "Cisco" for product "Asr 5000 Software"				21.0.v0.65839 Search vendor "Cisco" for product "Asr 5000 Software" and version "21.0.v0.65839"		-		Affected