Cisco StarOS on ASR 5000/5500/5700/VPC CLI os command injection

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in Cisco StarOS on ASR 5000/5500/5700/VPC. It affects unknown code of the CLI component. Manipulation of input can lead to OS command injection. The vulnerability is tracked as CVE-2017-6707. The attack can be launched on the local host. No exploit is available. Upgrading the affected component is advised.
Details
A vulnerability has been found in Cisco StarOS on ASR 5000/5500/5700/VPC (Router Operating System) (affected version unknown) and classified as critical. It affects an unknown functionality of the CLI component. Manipulation with an unknown input leads to an OS command injection vulnerability. The CWE definition for the vulnerability is CWE-78: the product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. The impact is known to affect confidentiality, integrity, and availability. CVE summarizes:
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.
The bug was discovered 07/05/2017. The weakness was published 07/06/2017 by Cisco as confirmed advisory cisco-sa-20170705-asrcmd (Website). The advisory is shared for download at tools.cisco.com. This vulnerability has been identified as CVE-2017-6707 since 03/09/2017. The attack needs to be approached locally. Successful exploitation needs a single authentication. Neither technical details nor an exploit are publicly available. The MITRE ATT&CK project declares the attack technique as T1202.
The vulnerability scanner Nessus provides a plugin with the ID 101528 (Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and runs in the context l.
Upgrading eliminates this vulnerability. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (101528) and SecurityFocus (BID 99462). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Website
- Vendor: https://www.cisco.com/
CVSSv3
VulDB Meta Base Score: 8.0
VulDB Meta Temp Score: 7.8
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
NVD Base Score: 8.2
Exploiting
Class: OS command injection
CWE: CWE-78 / CWE-77 / CWE-74
Physical: Partially
Local: Yes
Remote: No
Status: Not defined
Nessus ID: 101528
Nessus Name: Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)
Countermeasures
Recommended: Upgrade
Timeline
03/09/2017
07/05/2017
07/05/2017
07/05/2017
07/05/2017
07/06/2017
07/06/2017
07/13/2017
12/30/2020
Sources
Vendor: cisco.com
Advisory: cisco-sa-20170705-asrcmd
Researcher: Cisco
Organization: Cisco
Status: Confirmed
CVE: CVE-2017-6707
GCVE (CVE): GCVE-0-2017-6707
GCVE (VulDB): GCVE-100-103216
SecurityFocus: 99462 - Cisco StarOS CVE-2017-6707 Local Command Injection Vulnerability
SecurityTracker: 1038818
Entry
Created: 07/06/2017 12:02
Updated: 12/30/2020 21:22
Changes: 07/06/2017 12:02 (67), 10/23/2019 12:27 (7), 12/30/2020 21:16 (2), 12/30/2020 21:22 (1)