CVE-2017-6680
published 2017-06-13CVE-2017-6680: A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary…
PriorityP345high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EPSS
1.35%
68.1th percentile
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ultra_services_framework | — | — |
| cisco | ultra_services_framework_autovnf | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability
vendor_cisco·2017-06-07·CVSS 4.3
CVE-2017-6680 [MEDIUM] CWE-20 Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability
Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system.
The vulnerability is due to insufficient checks when creating directories on the system. An attacker could exploit this vulnerability by creating arbitrary directories as root on the system and potentially impacting the behavior of other daemons and deleting important log data. An exploit could allow the attacker to create arbitrary directories on the affected system.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/c
Cisco
Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6680 Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability
CVE-2017-6680: Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. The vulnerability is due to insufficient checks when creating directories on the system. An attacker could exploit this vulnerability by creating arbitrary directories as root on the system and potentially impacting the behavior of other daemons and deleting important log data. An exploit could allow the attacker to create arbitrary directories on the affected system. There are no
CVSS: 3.0
CWE: CWE-20, CWE-20
Bug IDs: CSCvc76652
GHSA
GHSA-9376-q9f9-fr46: A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary
ghsa_unreviewed·2022-05-17
CVE-2017-6680 [HIGH] CWE-20 GHSA-9376-q9f9-fr46: A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-06-13
Published