Sign-up

ID

VAR-201706-0562


CVE

CVE-2017-6683


TITLE

Cisco Elastic Services Controller of esc_listener.py In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004889

DESCRIPTION

A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76). Cisco Elastic Services Controller of esc_listener.py Is OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCvc76642 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to execute arbitrary command on the affected system. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvc76642

Trust: 2.07

sources: NVD: CVE-2017-6683 // JVNDB: JVNDB-2017-004889 // BID: 98982 // VULHUB: VHN-114886 // VULMON: CVE-2017-6683

AFFECTED PRODUCTS

vendor:ciscomodel:elastic services controllerscope:eqversion:2.2\(9.76\)

Trust: 1.6

vendor:ciscomodel:elastic services controllerscope:eqversion:2.2(9.76)

Trust: 0.8

vendor:ciscomodel:virtual managed servicesscope:eqversion:2.2(9.76)

Trust: 0.3

vendor:ciscomodel:elastic services controllersscope:eqversion:0

Trust: 0.3

sources: BID: 98982 // JVNDB: JVNDB-2017-004889 // CNNVD: CNNVD-201706-440 // NVD: CVE-2017-6683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6683
value: HIGH

Trust: 1.0

NVD: CVE-2017-6683
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-440
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114886
value: HIGH

Trust: 0.1

VULMON: CVE-2017-6683
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6683
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114886
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6683
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114886 // VULMON: CVE-2017-6683 // JVNDB: JVNDB-2017-004889 // CNNVD: CNNVD-201706-440 // NVD: CVE-2017-6683

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-114886 // JVNDB: JVNDB-2017-004889 // NVD: CVE-2017-6683

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-440

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-440

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004889

PATCH
title:cisco-sa-20170607-esc2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc2
Trust: 0.8
title:Cisco Elastic Services Controller Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70885
Trust: 0.6
title:Cisco: Cisco Elastic Services Controller Authentication Request Processing Arbitrary Command Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170607-esc2
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-6683 // 
            
            
            
            JVNDB: JVNDB-2017-004889 // 
            
            
            
            CNNVD: CNNVD-201706-440

EXTERNAL IDS
db:NVDid:CVE-2017-6683
Trust: 2.9
db:BIDid:98982
Trust: 2.1
db:JVNDBid:JVNDB-2017-004889
Trust: 0.8
db:CNNVDid:CNNVD-201706-440
Trust: 0.7
db:NSFOCUSid:36826
Trust: 0.6
db:VULHUBid:VHN-114886
Trust: 0.1
db:VULMONid:CVE-2017-6683
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114886 // 
            
            
            
            VULMON: CVE-2017-6683 // 
            
            
            
            BID: 98982 // 
            
            
            
            JVNDB: JVNDB-2017-004889 // 
            
            
            
            CNNVD: CNNVD-201706-440 // 
            
            
            
            NVD: CVE-2017-6683

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc2
Trust: 2.2
url:http://www.securityfocus.com/bid/98982
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6683
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6683
Trust: 0.8
url:http://www.nsfocus.net/vulndb/36826
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114886 // 
            
            
            
            VULMON: CVE-2017-6683 // 
            
            
            
            BID: 98982 // 
            
            
            
            JVNDB: JVNDB-2017-004889 // 
            
            
            
            CNNVD: CNNVD-201706-440 // 
            
            
            
            NVD: CVE-2017-6683

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98982 // 
            
            
            
            CNNVD: CNNVD-201706-440

SOURCES
db:VULHUBid:VHN-114886
db:VULMONid:CVE-2017-6683
db:BIDid:98982
db:JVNDBid:JVNDB-2017-004889
db:CNNVDid:CNNVD-201706-440
db:NVDid:CVE-2017-6683

LAST UPDATE DATE
2025-04-20T23:37:55.235000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114886date:2017-06-23T00:00:00
db:VULMONid:CVE-2017-6683date:2017-06-23T00:00:00
db:BIDid:98982date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004889date:2017-07-10T00:00:00
db:CNNVDid:CNNVD-201706-440date:2017-06-14T00:00:00
db:NVDid:CVE-2017-6683date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114886date:2017-06-13T00:00:00
db:VULMONid:CVE-2017-6683date:2017-06-13T00:00:00
db:BIDid:98982date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004889date:2017-07-10T00:00:00
db:CNNVDid:CNNVD-201706-440date:2017-06-14T00:00:00
db:NVDid:CVE-2017-6683date:2017-06-13T06:29:01.300