CVE-2017-6623Improper Privilege Management in Cisco Policy Suite

CWE-264CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 91.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Policy Suite
Timeline
PublishedMay 18
Latest updateMay 13

Description

A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/policy_suite10.0.0, 10.1.0, 11.0.0+2

🔴Vulnerability Details

2
GHSA
GHSA-hrrj-w527-vh57: A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an2022-05-13
CVEList
CVE-2017-6623: A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an2017-05-18

📋Vendor Advisories

1
Cisco
Cisco Policy Suite Privilege Escalation Vulnerability2017-05-17
CVE-2017-6623 — Improper Privilege Management in Cisco | cvebase