Vulnerability Description
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Asr 5000 Software | 21.0.v0.65839 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100376Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039181Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/100376Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039181Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-6773?
CVE-2017-6773 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions an...
How severe is CVE-2017-6773?
CVE-2017-6773 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6773?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Asr 5000 Software.