ID

VAR-201706-0561


CVE

CVE-2017-6682


TITLE

OS command injection vulnerability in the ConfD CLI of Cisco Elastic Services Controller

Trust: 0.8

sources: JVNDB: JVNDB-2017-004888

DESCRIPTION

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). The vendor has published this vulnerability as Bug ID CSCvc76620. Information may be obtained or altered, and the system may be put into a denial-of-service (DoS) state. An attacker can exploit this issue to execute arbitrary commands on the affected system. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvc76620. ConfD CLI is one of these modules

Trust: 1.98

sources: NVD: CVE-2017-6682 // JVNDB: JVNDB-2017-004888 // BID: 98951 // VULHUB: VHN-114885

AFFECTED PRODUCTS

vendor: cisco, model: elastic services controller, scope: eq, version: 2.2\(9.76\)

Trust: 1.6

vendor: cisco, model: elastic services controller, scope: eq, version: 2.2(9.76)

Trust: 0.8

vendor: cisco, model: virtual managed services, scope: eq, version: 2.2(9.76)

Trust: 0.3

vendor: cisco, model: elastic services controllers, scope: eq, version: 0

Trust: 0.3

sources: BID: 98951 // JVNDB: JVNDB-2017-004888 // CNNVD: CNNVD-201706-362 // NVD: CVE-2017-6682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6682
value: HIGH

Trust: 1.0

NVD: CVE-2017-6682
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-362
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114885
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6682
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114885
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6682
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114885 // JVNDB: JVNDB-2017-004888 // CNNVD: CNNVD-201706-362 // NVD: CVE-2017-6682

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-114885 // JVNDB: JVNDB-2017-004888 // NVD: CVE-2017-6682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-362

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004888

PATCH

title: cisco-sa-20170607-esc1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1

Trust: 0.8

title: Cisco Elastic Services Controller ConfD CLI Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71479

Trust: 0.6

sources: JVNDB: JVNDB-2017-004888 // CNNVD: CNNVD-201706-362

EXTERNAL IDS

db: NVD, id: CVE-2017-6682

Trust: 2.8

db: BID, id: 98951

Trust: 2.0

db: JVNDB, id: JVNDB-2017-004888

Trust: 0.8

db: CNNVD, id: CNNVD-201706-362

Trust: 0.7

db: NSFOCUS, id: 36824

Trust: 0.6

db: VULHUB, id: VHN-114885

Trust: 0.1

sources: VULHUB: VHN-114885 // BID: 98951 // JVNDB: JVNDB-2017-004888 // CNNVD: CNNVD-201706-362 // NVD: CVE-2017-6682

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc1

Trust: 2.0

url:http://www.securityfocus.com/bid/98951

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6682

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6682

Trust: 0.8

url:http://www.nsfocus.net/vulndb/36824

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114885 // BID: 98951 // JVNDB: JVNDB-2017-004888 // CNNVD: CNNVD-201706-362 // NVD: CVE-2017-6682

CREDITS

Cisco

Trust: 0.9

sources: BID: 98951 // CNNVD: CNNVD-201706-362

SOURCES

db: VULHUB, id: VHN-114885
db: BID, id: 98951
db: JVNDB, id: JVNDB-2017-004888
db: CNNVD, id: CNNVD-201706-362
db: NVD, id: CVE-2017-6682

LAST UPDATE DATE

2025-04-20T23:16:07+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114885, date: 2017-06-23T00:00:00
db: BID, id: 98951, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004888, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-362, date: 2017-07-14T00:00:00
db: NVD, id: CVE-2017-6682, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114885, date: 2017-06-13T00:00:00
db: BID, id: 98951, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004888, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-362, date: 2017-06-07T00:00:00
db: NVD, id: CVE-2017-6682, date: 2017-06-13T06:29:01.270