CVE-2017-6794
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830.
Una vulnerabilidad en el código de análisis sintáctico de comandos CLI de Cisco Meeting Server podría permitir que un atacante local autenticado inyectase comandos y elevase sus privilegios a root. En primer lugar, el atacante debe autenticarse en la aplicación con credenciales de administrador válidas. La vulnerabilidad se debe a la validación insuficiente de entrada de datos de parte del usuario en el CLI para ciertos comandos. Un atacante podría explotar esta vulnerabilidad autenticándose en la aplicación afectada y enviando un comando CLI manipulado para ejecutarlo en el CLI de Cisco Meeting Server. Un exploit podría permitir que el atacante realizase una inyección de comandos y elevase su nivel de privilegios a root. Productos vulnerables: Esta vulnerabilidad existe en versiones de software Cisco Meeting Server anteriores a 2.0, 2.1 y 2.2 (estas, también incluidas). Cisco Bug IDs: CSCvf53830.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2017-09-07 CVE Published
- 2023-07-18 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100464 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039245 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.0 Search vendor "Cisco" for product "Meeting Server" and version "2.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.1 Search vendor "Cisco" for product "Meeting Server" and version "2.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.2 Search vendor "Cisco" for product "Meeting Server" and version "2.0.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.3 Search vendor "Cisco" for product "Meeting Server" and version "2.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.4 Search vendor "Cisco" for product "Meeting Server" and version "2.0.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.5 Search vendor "Cisco" for product "Meeting Server" and version "2.0.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.6 Search vendor "Cisco" for product "Meeting Server" and version "2.0.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.7 Search vendor "Cisco" for product "Meeting Server" and version "2.0.7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.8 Search vendor "Cisco" for product "Meeting Server" and version "2.0.8" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.9 Search vendor "Cisco" for product "Meeting Server" and version "2.0.9" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.10 Search vendor "Cisco" for product "Meeting Server" and version "2.0.10" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.11 Search vendor "Cisco" for product "Meeting Server" and version "2.0.11" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.12 Search vendor "Cisco" for product "Meeting Server" and version "2.0.12" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.13 Search vendor "Cisco" for product "Meeting Server" and version "2.0.13" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.14 Search vendor "Cisco" for product "Meeting Server" and version "2.0.14" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.15 Search vendor "Cisco" for product "Meeting Server" and version "2.0.15" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.0.16 Search vendor "Cisco" for product "Meeting Server" and version "2.0.16" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.0 Search vendor "Cisco" for product "Meeting Server" and version "2.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.1 Search vendor "Cisco" for product "Meeting Server" and version "2.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.2 Search vendor "Cisco" for product "Meeting Server" and version "2.1.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.3 Search vendor "Cisco" for product "Meeting Server" and version "2.1.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.4 Search vendor "Cisco" for product "Meeting Server" and version "2.1.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.5 Search vendor "Cisco" for product "Meeting Server" and version "2.1.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.6 Search vendor "Cisco" for product "Meeting Server" and version "2.1.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.7 Search vendor "Cisco" for product "Meeting Server" and version "2.1.7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.8 Search vendor "Cisco" for product "Meeting Server" and version "2.1.8" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.9 Search vendor "Cisco" for product "Meeting Server" and version "2.1.9" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.10 Search vendor "Cisco" for product "Meeting Server" and version "2.1.10" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.1.11 Search vendor "Cisco" for product "Meeting Server" and version "2.1.11" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.2.0 Search vendor "Cisco" for product "Meeting Server" and version "2.2.0" | - |
Affected
| ||||||