CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.

CVSS v3.0 8.2 HIGH
CVSS v2.0 7.2 HIGH

8.2^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd	Vendor Advisory
http://www.securitytracker.com/id/1038818	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/99462

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:staros:11.0_base:::::::*
	cpe:2.3:o:cisco:staros:12.2\(300\):::::::*
	cpe:2.3:o:cisco:staros:14.0.0:::::::*
	cpe:2.3:o:cisco:staros:16.0\(900\):::::::*
	cpe:2.3:o:cisco:staros:16.1.0:::::::*
	cpe:2.3:o:cisco:staros:18.1.0.59776:::::::*
	cpe:2.3:o:cisco:staros:18.1.0.59780:::::::*
	cpe:2.3:o:cisco:staros:18.0.0:::::::*
	cpe:2.3:o:cisco:staros:19.0.m0.61045:::::::*
	cpe:2.3:o:cisco:staros:19.0.1:::::::*
	cpe:2.3:o:cisco:staros:18.4.0:::::::*
	cpe:2.3:o:cisco:staros:19.3.0:::::::*
	cpe:2.3:o:cisco:staros:20.0.m0.63229:::::::*
	cpe:2.3:o:cisco:staros:19.0.m0.60737:::::::*
	cpe:2.3:o:cisco:staros:19.0.m0.60828:::::::*
	cpe:2.3:o:cisco:staros:15.0\(938\):::::::*
	cpe:2.3:o:cisco:staros:18.3.0:::::::*
	cpe:2.3:o:cisco:staros:16.0.0:::::::*
	cpe:2.3:o:cisco:staros:18.3_base:::::::*
	cpe:2.3:o:cisco:staros:12.1_base:::::::*
	cpe:2.3:o:cisco:staros:21.0_base:::::::*
	cpe:2.3:o:cisco:staros:12.2_base:::::::*
	cpe:2.3:o:cisco:staros:16.5.2:::::::*
	cpe:2.3:o:cisco:staros:20.0.1.a0:::::::*
	cpe:2.3:o:cisco:staros:20.0.1.0:::::::*
	cpe:2.3:o:cisco:staros:17.7.0:::::::*
	cpe:2.3:o:cisco:staros:20.0.v0:::::::*
	cpe:2.3:o:cisco:staros:18.1_base:::::::*
	cpe:2.3:o:cisco:staros:18.1.0:::::::*
	cpe:2.3:o:cisco:staros:15.0\(912\):::::::*
	cpe:2.3:o:cisco:staros:20.0.m0.62842:::::::*
	cpe:2.3:o:cisco:staros:12.0.0:::::::*
	cpe:2.3:o:cisco:staros:21.0.0:::::::*
	cpe:2.3:o:cisco:staros:14.0\(600\):::::::*
	cpe:2.3:o:cisco:staros:20.0.0:::::::*
	cpe:2.3:o:cisco:staros:15.0\(935\):::::::*
	cpe:2.3:o:cisco:staros:19.1.0.61559:::::::*
	cpe:2.3:o:cisco:staros:17.3.1:::::::*
	cpe:2.3:o:cisco:staros:15.0_base:::::::*
	cpe:2.3:o:cisco:staros:16.1.1:::::::*
	cpe:2.3:o:cisco:staros:21.0_m0.64702:::::::*
	cpe:2.3:o:cisco:staros:18.0.0.57828:::::::*
	cpe:2.3:o:cisco:staros:17.3.0:::::::*
	cpe:2.3:o:cisco:staros:19.1.0:::::::*
	cpe:2.3:o:cisco:staros:18.0.0.59211:::::::*
	cpe:2.3:o:cisco:staros:18.0.0.59167:::::::*
	cpe:2.3:o:cisco:staros:20.0.2.v1:::::::*
	cpe:2.3:o:cisco:staros:20.0.2.3.65026:::::::*
	cpe:2.3:o:cisco:staros:16.5.0:::::::*
	cpe:2.3:o:cisco:staros:16.1.2:::::::*
	cpe:2.3:o:cisco:staros:17.2.0.59184:::::::*
	cpe:2.3:o:cisco:staros:20.0.1.v0:::::::*
	cpe:2.3:o:cisco:staros:17.3_base:::::::*
	cpe:2.3:o:cisco:staros:19.2.0:::::::*
	cpe:2.3:o:cisco:staros:17.2.0:::::::*
	cpe:2.3:o:cisco:staros:21.0_m0.64246:::::::*
	cpe:2.3:o:cisco:staros:18.0.l0.59219:::::::*
	cpe:2.3:o:cisco:staros:20.0.2.3:::::::*

Information

Published : 2017-07-05 17:29

Updated : 2017-07-07 18:29

NVD link : CVE-2017-6707

Mitre link : CVE-2017-6707

JSON object : View

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Products Affected

cisco

staros

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1038818", "name": "1038818", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/99462", "name": "99462", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-78"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-6707", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}}, "publishedDate": "2017-07-06T00:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:staros:11.0_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:12.2\\(300\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:14.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:16.0\\(900\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:16.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.1.0.59776:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.1.0.59780:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.0.m0.61045:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.m0.63229:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.0.m0.60737:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.0.m0.60828:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:15.0\\(938\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:16.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.3_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:12.1_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:21.0_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:12.2_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:16.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.1.a0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:17.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.v0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.1_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:15.0\\(912\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.m0.62842:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:21.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:14.0\\(600\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:15.0\\(935\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.1.0.61559:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:17.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:15.0_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:16.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:21.0_m0.64702:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.0.0.57828:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:17.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.0.0.59211:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.0.0.59167:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.2.v1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.2.3.65026:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:16.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:16.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:17.2.0.59184:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.1.v0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:17.3_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:19.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:17.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:21.0_m0.64246:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:18.0.l0.59219:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:staros:20.0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-08T01:29Z"}

8.2 /10