ID

VAR-201706-0583


CVE

CVE-2017-6667


TITLE

Arbitrary code execution vulnerability in the dynamic JAR file update process of the Cisco Context Service software development kit

Trust: 0.8

sources: JVNDB: JVNDB-2017-004883

DESCRIPTION

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0. Cisco Context Service SDK is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input. A successful exploit allows an attacker to execute arbitrary code within the context of the user on the affected system. This issue is being tracked by Cisco Bug ID CSCvb66730. Cisco Context Service SDK is a software development kit for the Context Service, developed by the American company Cisco. The vulnerability stems from the fact that the program does not properly filter the input submitted by the user.

Trust: 1.98

sources: NVD: CVE-2017-6667 // JVNDB: JVNDB-2017-004883 // BID: 98978 // VULHUB: VHN-114870

AFFECTED PRODUCTS

vendor: cisco, model: context service development kit, scope: eq, version: 2.0

Trust: 1.6

vendor: cisco, model: context service sdk, scope: eq, version: 2.0

Trust: 0.8

vendor: cisco, model: context service sdk, scope: eq, version: 0

Trust: 0.3

sources: BID: 98978 // JVNDB: JVNDB-2017-004883 // CNNVD: CNNVD-201706-368 // NVD: CVE-2017-6667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6667
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6667
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201706-368
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114870
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6667
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114870
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6667
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114870 // JVNDB: JVNDB-2017-004883 // CNNVD: CNNVD-201706-368 // NVD: CVE-2017-6667

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-114870 // JVNDB: JVNDB-2017-004883 // NVD: CVE-2017-6667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-368

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201706-368

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004883

PATCH

title: cisco-sa-20170607-ccs, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ccs

Trust: 0.8

title: Cisco Context Service SDK Enter the fix for the verification vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71482

Trust: 0.6

sources: JVNDB: JVNDB-2017-004883 // CNNVD: CNNVD-201706-368

EXTERNAL IDS

db: NVD, id: CVE-2017-6667

Trust: 2.8

db: BID, id: 98978

Trust: 2.0

db: JVNDB, id: JVNDB-2017-004883

Trust: 0.8

db: CNNVD, id: CNNVD-201706-368

Trust: 0.7

db: VULHUB, id: VHN-114870

Trust: 0.1

sources: VULHUB: VHN-114870 // BID: 98978 // JVNDB: JVNDB-2017-004883 // CNNVD: CNNVD-201706-368 // NVD: CVE-2017-6667

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-ccs

Trust: 2.0

url: http://www.securityfocus.com/bid/98978

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6667

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6667

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114870 // BID: 98978 // JVNDB: JVNDB-2017-004883 // CNNVD: CNNVD-201706-368 // NVD: CVE-2017-6667

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98978

SOURCES

db: VULHUB, id: VHN-114870
db: BID, id: 98978
db: JVNDB, id: JVNDB-2017-004883
db: CNNVD, id: CNNVD-201706-368
db: NVD, id: CVE-2017-6667

LAST UPDATE DATE

2025-04-20T23:37:55.205000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114870, date: 2017-06-26T00:00:00
db: BID, id: 98978, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004883, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-368, date: 2017-07-14T00:00:00
db: NVD, id: CVE-2017-6667, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114870, date: 2017-06-13T00:00:00
db: BID, id: 98978, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004883, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-368, date: 2017-06-07T00:00:00
db: NVD, id: CVE-2017-6667, date: 2017-06-13T06:29:01.003