ID

VAR-201708-1320


CVE

CVE-2017-6710


TITLE

OS command injection vulnerability in Cisco Virtual Network Function Element Manager

Trust: 0.8

sources: JVNDB: JVNDB-2017-007256

DESCRIPTION

A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc76670. Information may be tampered with and service operations disrupted (DoS). This may aid in further attacks. Cisco VNF Element Manager versions prior to 5.0.4 and 5.1.4 are vulnerable.

Trust: 1.98

sources: NVD: CVE-2017-6710 // JVNDB: JVNDB-2017-007256 // BID: 100362 // VULHUB: VHN-114913

AFFECTED PRODUCTS

vendor: cisco, model: virtual network function element manager, scope: lte, version: 5.1.3

Trust: 1.0

vendor: cisco, model: virtual network function element manager, scope: lte, version: 5.0.3

Trust: 1.0

vendor: cisco, model: virtual network function element manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: virtual network function element manager, scope: eq, version: 5.1.3

Trust: 0.6

vendor: cisco, model: virtual network function element manager, scope: eq, version: 5.0.3

Trust: 0.6

vendor: cisco, model: vnf element manager, scope: eq, version: 5.1.3

Trust: 0.3

vendor: cisco, model: vnf element manager, scope: eq, version: 5.0.3

Trust: 0.3

vendor: cisco, model: vnf element manager, scope: ne, version: 5.1.4

Trust: 0.3

vendor: cisco, model: vnf element manager, scope: ne, version: 5.0.4

Trust: 0.3

sources: BID: 100362 // JVNDB: JVNDB-2017-007256 // CNNVD: CNNVD-201708-718 // NVD: CVE-2017-6710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6710
value: HIGH

Trust: 1.0

NVD: CVE-2017-6710
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-718
value: HIGH

Trust: 0.6

VULHUB: VHN-114913
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6710
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114913
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6710
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114913 // JVNDB: JVNDB-2017-007256 // CNNVD: CNNVD-201708-718 // NVD: CVE-2017-6710

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.9

sources: VULHUB: VHN-114913 // JVNDB: JVNDB-2017-007256 // NVD: CVE-2017-6710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-718

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201708-718

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007256

PATCH

title: cisco-sa-20170816-em, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em

Trust: 0.8

title: Cisco Virtual Network Function Element Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74069

Trust: 0.6

sources: JVNDB: JVNDB-2017-007256 // CNNVD: CNNVD-201708-718

EXTERNAL IDS

db: NVD, id: CVE-2017-6710

Trust: 2.8

db: BID, id: 100362

Trust: 2.0

db: JVNDB, id: JVNDB-2017-007256

Trust: 0.8

db: CNNVD, id: CNNVD-201708-718

Trust: 0.7

db: NSFOCUS, id: 37435

Trust: 0.6

db: VULHUB, id: VHN-114913

Trust: 0.1

sources: VULHUB: VHN-114913 // BID: 100362 // JVNDB: JVNDB-2017-007256 // CNNVD: CNNVD-201708-718 // NVD: CVE-2017-6710

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-em

Trust: 2.0

url: http://www.securityfocus.com/bid/100362

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6710

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6710

Trust: 0.8

url: http://www.nsfocus.net/vulndb/37435

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114913 // BID: 100362 // JVNDB: JVNDB-2017-007256 // CNNVD: CNNVD-201708-718 // NVD: CVE-2017-6710

CREDITS

Cisco

Trust: 0.9

sources: BID: 100362 // CNNVD: CNNVD-201708-718

SOURCES

db: VULHUB, id: VHN-114913
db: BID, id: 100362
db: JVNDB, id: JVNDB-2017-007256
db: CNNVD, id: CNNVD-201708-718
db: NVD, id: CVE-2017-6710

LAST UPDATE DATE

2025-04-20T23:36:47.912000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114913, date: 2017-08-25T00:00:00
db: BID, id: 100362, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007256, date: 2017-09-14T00:00:00
db: CNNVD, id: CNNVD-201708-718, date: 2017-08-17T00:00:00
db: NVD, id: CVE-2017-6710, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114913, date: 2017-08-17T00:00:00
db: BID, id: 100362, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007256, date: 2017-09-14T00:00:00
db: CNNVD, id: CNNVD-201708-718, date: 2017-08-17T00:00:00
db: NVD, id: CVE-2017-6710, date: 2017-08-17T20:29:00.370