CVE-2017-6667
Published 2017-06-13
Priority: P268 | critical | 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.84% (90.9th percentile)
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | context_service_development_kit | — | — |
| cisco | context_service_sdk | — | — |
Detection & IOCs (extracted from sources)
- Detect MitM interception of the Cisco Context Service SDK JAR update process: monitor for unsigned or invalidly signed JAR files being delivered during the SDK update process.
- Alert on DNS/name service poisoning activity coinciding with Cisco Context Service SDK update traffic, as the attacker must poison a name service or control it as part of exploitation.
- Monitor for replacement or unexpected modification of the dynamic JAR file used by the Cisco Context Service SDK, which could indicate a tampered update payload.
- Exploitation requires simultaneous MitM positioning on the update channel AND control of a trusted signing certificate; both conditions must be met for a successful attack.
- Arbitrary code executes with web server privileges only, not full system/root; scope impact assessments accordingly.
- No workarounds are available; patching is the only remediation path.
CVSS provenance
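| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | | 5.6 | MEDIUM | |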
Cisco
Cisco Context Service SDK Arbitrary Code Execution Vulnerability
vendor_cisco·2017-06-07·CVSS 5.6
CVE-2017-6667 [MEDIUM] CWE-20 Cisco Context Service SDK Arbitrary Code Execution Vulnerability
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server.
The vulnerability is due to insufficient validation of the update JAR file's signature. An attacker could exploit this vulnerability by performing a man-in-the-middle attack during the update process. At the same time, the attacker must poison a name service or control it and must also control a trusted signing certificate. An exploit could allow the attacker to replace the original JAR file with an altered version, which could then be used to execute arbitrary code.
GHSA
GHSA-r9vq-672r-f8rf: A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthentica
ghsa_unreviewed·2022-05-17
CVE-2017-6667 [CRITICAL] CWE-20 GHSA-r9vq-672r-f8rf
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-06-13