Details of VAR-201707-0919

ID

VAR-201707-0919

CVE

CVE-2017-6708

TITLE

Cisco Ultra Services Framework for AutoVNF Vulnerability to read important files on affected systems in the tool's symbolic link creation function

Trust: 0.8

sources: JVNDB: JVNDB-2017-005314

DESCRIPTION

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654

Trust: 1.98

sources: NVD: CVE-2017-6708 // JVNDB: JVNDB-2017-005314 // BID: 99512 // VULHUB: VHN-114911

AFFECTED PRODUCTS

vendor:	cisco	model:	ultra services framework	scope:	lte	version:	5.0.2	Trust: 1.0
vendor:	cisco	model:	ultra services framework	scope:	eq	version:	5.0.2	Trust: 0.9
vendor:	cisco	model:	ultra services framework	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ultra services framework	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	cisco	model:	ultra services framework	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	ultra services framework	scope:	ne	version:	5.0.3	Trust: 0.3
vendor:	cisco	model:	ultra services framework	scope:	ne	version:	5.1	Trust: 0.3

sources: BID: 99512 // JVNDB: JVNDB-2017-005314 // CNNVD: CNNVD-201707-155 // NVD: CVE-2017-6708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6708
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6708
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201707-155
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114911
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6708
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114911
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6708
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114911 // JVNDB: JVNDB-2017-005314 // CNNVD: CNNVD-201707-155 // NVD: CVE-2017-6708

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114911 // JVNDB: JVNDB-2017-005314 // NVD: CVE-2017-6708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-155

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201707-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005314

PATCH

title:	cisco-sa-20170705-usf1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1	Trust: 0.8
title:	Cisco Ultra Services Framework Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71449	Trust: 0.6

sources: JVNDB: JVNDB-2017-005314 // CNNVD: CNNVD-201707-155

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6708	Trust: 2.8
db:	BID	id:	99512	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-005314	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-155	Trust: 0.7
db:	NSFOCUS	id:	37071	Trust: 0.6
db:	VULHUB	id:	VHN-114911	Trust: 0.1

sources: VULHUB: VHN-114911 // BID: 99512 // JVNDB: JVNDB-2017-005314 // CNNVD: CNNVD-201707-155 // NVD: CVE-2017-6708

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-usf1	Trust: 2.0
url:	http://www.securityfocus.com/bid/99512	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6708	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6708	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/37071	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114911 // BID: 99512 // JVNDB: JVNDB-2017-005314 // CNNVD: CNNVD-201707-155 // NVD: CVE-2017-6708

CREDITS

Cisco

Trust: 0.3

sources: BID: 99512

SOURCES

db:	VULHUB	id:	VHN-114911
db:	BID	id:	99512
db:	JVNDB	id:	JVNDB-2017-005314
db:	CNNVD	id:	CNNVD-201707-155
db:	NVD	id:	CVE-2017-6708

LAST UPDATE DATE

2025-04-20T23:30:55.021000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114911	date:	2017-07-13T00:00:00
db:	BID	id:	99512	date:	2017-07-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-005314	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201707-155	date:	2017-07-06T00:00:00
db:	NVD	id:	CVE-2017-6708	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114911	date:	2017-07-06T00:00:00
db:	BID	id:	99512	date:	2017-07-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-005314	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201707-155	date:	2017-07-06T00:00:00
db:	NVD	id:	CVE-2017-6708	date:	2017-07-06T00:29:00.397