cbcvebase.
CVE-2017-6667
published 2017-06-13

Priority: P268 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.84% (90.9th percentile)
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.

Affected

2 ranges

Vendor | Product                         | Version range | Fixed in
cisco  | context_service_development_kit |               |
cisco  | context_service_sdk             |               |

Detection & IOCs (extracted from sources)

  • Detect MitM interception of the Cisco Context Service SDK JAR update process — monitor for unsigned or invalidly signed JAR files being delivered during the SDK update process
  • Alert on DNS/name service poisoning activity coinciding with Cisco Context Service SDK update traffic, as the attacker must poison a name service or control it as part of exploitation
  • Monitor for replacement or unexpected modification of the dynamic JAR file used by the Cisco Context Service SDK, which could indicate a tampered update payload
  • Exploitation requires simultaneous MitM positioning on the update channel AND control of a trusted signing certificate — both conditions must be met for a successful attack
  • Arbitrary code executes with web server privileges only, not full system/root — scope impact assessments accordingly
  • No workarounds are available; patching is the only remediation path

CVSS provenance

Source       | Version | Score | Severity | Vector
nvd          | v3.0    | 9.8   | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd          | v2.0    | 10.0  | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco |         | 5.6   | MEDIUM   |