Unknown
CVE-2017-6707
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- staros 11.0 base,
- staros 12.0.0,
- staros 12.1 base,
- staros 12.2 base,
- staros 12.2(300),
- staros 14.0(600),
- staros 14.0.0,
- staros 15.0 base,
- staros 15.0(912),
- staros 15.0(935),
- staros 15.0(938),
- staros 16.0(900),
- staros 16.0.0,
- staros 16.1.0,
- staros 16.1.1,
- staros 16.1.2,
- staros 16.5.0,
- staros 16.5.2,
- staros 17.2.0,
- staros 17.2.0.59184,
- staros 17.3 base,
- staros 17.3.0,
- staros 17.3.1,
- staros 17.7.0,
- staros 18.0.0,
- staros 18.0.0.57828,
- staros 18.0.0.59167,
- staros 18.0.0.59211,
- staros 18.0.l0.59219,
- staros 18.1 base,
- staros 18.1.0,
- staros 18.1.0.59776,
- staros 18.1.0.59780,
- staros 18.3 base,
- staros 18.3.0,
- staros 18.4.0,
- staros 19.0.1,
- staros 19.0.m0.60737,
- staros 19.0.m0.60828,
- staros 19.0.m0.61045,
- staros 19.1.0,
- staros 19.1.0.61559,
- staros 19.2.0,
- staros 19.3.0,
- staros 20.0.0,
- staros 20.0.1.0,
- staros 20.0.1.a0,
- staros 20.0.1.v0,
- staros 20.0.2.3,
- staros 20.0.2.3.65026,
- staros 20.0.2.v1,
- staros 20.0.m0.62842,
- staros 20.0.m0.63229,
- staros 20.0.v0,
- staros 21.0 base,
- staros 21.0 m0.64246,
- staros 21.0 m0.64702,
- staros 21.0.0
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
