Sign-up

ID

VAR-201706-0560


CVE

CVE-2017-6681


TITLE

Cisco Ultra Services Framework of AutoVNF VNFStagingView Vulnerability to execute relative path traversal attack in class

Trust: 0.8

sources: JVNDB: JVNDB-2017-004846

DESCRIPTION

A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. Vendors have confirmed this vulnerability Bug ID CSCvc76662 It is released as.A remote attacker could read important files on your system. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvc76662

Trust: 1.98

sources: NVD: CVE-2017-6681 // JVNDB: JVNDB-2017-004846 // BID: 98977 // VULHUB: VHN-114884

AFFECTED PRODUCTS

vendor:ciscomodel:ultra services frameworkscope:eqversion:21.0.0

Trust: 1.6

vendor:ciscomodel:ultra services frameworkscope: - version: -

Trust: 0.8

vendor:ciscomodel:ultra services frameworkscope:eqversion:0

Trust: 0.3

sources: BID: 98977 // JVNDB: JVNDB-2017-004846 // CNNVD: CNNVD-201706-369 // NVD: CVE-2017-6681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6681
value: HIGH

Trust: 1.0

NVD: CVE-2017-6681
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-369
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114884
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6681
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114884
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6681
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114884 // JVNDB: JVNDB-2017-004846 // CNNVD: CNNVD-201706-369 // NVD: CVE-2017-6681

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-114884 // JVNDB: JVNDB-2017-004846 // NVD: CVE-2017-6681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-369

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-369

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004846

PATCH
title:cisco-sa-20170607-usf2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2
Trust: 0.8
title:Cisco Ultra Services Framework Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71483
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-004846 // 
            
            
            
            CNNVD: CNNVD-201706-369

EXTERNAL IDS
db:NVDid:CVE-2017-6681
Trust: 2.8
db:BIDid:98977
Trust: 2.0
db:JVNDBid:JVNDB-2017-004846
Trust: 0.8
db:CNNVDid:CNNVD-201706-369
Trust: 0.7
db:VULHUBid:VHN-114884
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114884 // 
            
            
            
            BID: 98977 // 
            
            
            
            JVNDB: JVNDB-2017-004846 // 
            
            
            
            CNNVD: CNNVD-201706-369 // 
            
            
            
            NVD: CVE-2017-6681

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-usf2
Trust: 2.0
url:http://www.securityfocus.com/bid/98977
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6681
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6681
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114884 // 
            
            
            
            BID: 98977 // 
            
            
            
            JVNDB: JVNDB-2017-004846 // 
            
            
            
            CNNVD: CNNVD-201706-369 // 
            
            
            
            NVD: CVE-2017-6681

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98977 // 
            
            
            
            CNNVD: CNNVD-201706-369

SOURCES
db:VULHUBid:VHN-114884
db:BIDid:98977
db:JVNDBid:JVNDB-2017-004846
db:CNNVDid:CNNVD-201706-369
db:NVDid:CVE-2017-6681

LAST UPDATE DATE
2025-04-20T23:22:21.140000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114884date:2017-06-21T00:00:00
db:BIDid:98977date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004846date:2017-07-10T00:00:00
db:CNNVDid:CNNVD-201706-369date:2017-07-14T00:00:00
db:NVDid:CVE-2017-6681date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114884date:2017-06-13T00:00:00
db:BIDid:98977date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004846date:2017-07-10T00:00:00
db:CNNVDid:CNNVD-201706-369date:2017-06-07T00:00:00
db:NVDid:CVE-2017-6681date:2017-06-13T06:29:01.253