ID

VAR-201707-0924


CVE

CVE-2017-6714


TITLE

Vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server that allows execution of arbitrary shell commands as the Linux root user

Trust: 0.8

sources: JVNDB: JVNDB-2017-005279

DESCRIPTION

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673. Successful exploitation may aid in further attacks. The AutoIT service is one of the services of the Staging Server. The vulnerability stems from the program not invoking the shell correctly.

Trust: 2.07

sources: NVD: CVE-2017-6714 // JVNDB: JVNDB-2017-005279 // BID: 99436 // VULHUB: VHN-114917 // VULMON: CVE-2017-6714

AFFECTED PRODUCTS

vendor: cisco, model: ultra services framework staging server, scope: lte, version: 5.0.2

Trust: 1.0

vendor: cisco, model: ultra services framework staging server, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ultra services framework staging server, scope: eq, version: 5.0.2

Trust: 0.6

vendor: cisco, model: ultra services framework staging server, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: ultra services framework staging server, scope: ne, version: 5.0.3

Trust: 0.3

vendor: cisco, model: ultra services framework staging server, scope: ne, version: 5.1

Trust: 0.3

sources: BID: 99436 // JVNDB: JVNDB-2017-005279 // CNNVD: CNNVD-201707-150 // NVD: CVE-2017-6714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6714
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6714
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201707-150
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114917
value: HIGH

Trust: 0.1

VULMON: CVE-2017-6714
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6714
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114917
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114917 // VULMON: CVE-2017-6714 // JVNDB: JVNDB-2017-005279 // CNNVD: CNNVD-201707-150 // NVD: CVE-2017-6714

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-114917 // JVNDB: JVNDB-2017-005279 // NVD: CVE-2017-6714

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-150

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201707-150

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005279

PATCH

title: cisco-sa-20170705-usf3
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3

Trust: 0.8

title: Cisco Ultra Services Framework Staging Server AutoIT service Fixes for operating system command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71507

Trust: 0.6

title: Cisco: Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170705-usf3

Trust: 0.1

sources: VULMON: CVE-2017-6714 // JVNDB: JVNDB-2017-005279 // CNNVD: CNNVD-201707-150

EXTERNAL IDS

db: NVD, id: CVE-2017-6714

Trust: 2.9

db: BID, id: 99436

Trust: 2.1

db: JVNDB, id: JVNDB-2017-005279

Trust: 0.8

db: CNNVD, id: CNNVD-201707-150

Trust: 0.7

db: VULHUB, id: VHN-114917

Trust: 0.1

db: VULMON, id: CVE-2017-6714

Trust: 0.1

sources: VULHUB: VHN-114917 // VULMON: CVE-2017-6714 // BID: 99436 // JVNDB: JVNDB-2017-005279 // CNNVD: CNNVD-201707-150 // NVD: CVE-2017-6714

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-usf3

Trust: 2.2

url:http://www.securityfocus.com/bid/99436

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6714

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6714

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-114917 // VULMON: CVE-2017-6714 // BID: 99436 // JVNDB: JVNDB-2017-005279 // CNNVD: CNNVD-201707-150 // NVD: CVE-2017-6714

CREDITS

Cisco

Trust: 0.3

sources: BID: 99436

SOURCES

db: VULHUB, id: VHN-114917
db: VULMON, id: CVE-2017-6714
db: BID, id: 99436
db: JVNDB, id: JVNDB-2017-005279
db: CNNVD, id: CNNVD-201707-150
db: NVD, id: CVE-2017-6714

LAST UPDATE DATE

2025-04-20T23:35:48.600000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114917, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2017-6714, date: 2019-10-09T00:00:00
db: BID, id: 99436, date: 2017-07-05T00:00:00
db: JVNDB, id: JVNDB-2017-005279, date: 2017-07-25T00:00:00
db: CNNVD, id: CNNVD-201707-150, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6714, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114917, date: 2017-07-06T00:00:00
db: VULMON, id: CVE-2017-6714, date: 2017-07-06T00:00:00
db: BID, id: 99436, date: 2017-07-05T00:00:00
db: JVNDB, id: JVNDB-2017-005279, date: 2017-07-25T00:00:00
db: CNNVD, id: CNNVD-201707-150, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6714, date: 2017-07-06T00:29:00.553