CVE-2017-6681
published 2017-06-13CVE-2017-6681: A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative…
PriorityP346high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
2.56%
83.1th percentile
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ultra_services_framework | — | — |
| cisco | ultra_services_framework_autovnf_vnfstagingview | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
vendor_cisco·2017-06-07·CVSS 4.3
CVE-2017-6681 [MEDIUM] CWE-200 Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system.
The vulnerability is due to insufficient sanity checks against crafted URL requests. An attacker could exploit this vulnerability by crafting a URL request against an affected device. An exploit could allow the attacker to execute a relative path traversal attack, enabling the attacker to read sensitive files on the system.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/
Cisco
Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6681 Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
CVE-2017-6681: Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. The vulnerability is due to insufficient sanity checks against crafted URL requests. An attacker could exploit this vulnerability by crafting a URL request against an affected device. An exploit could allow the attacker to execute a relative path traversal attack, enabling the attacker to read sensitive files on the system. There are no
CVSS: 3.0
CWE: CWE-200, CWE-200
Bug IDs: CSCvc76662
GHSA
GHSA-xc85-79ph-26j8: A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a rel
ghsa_unreviewed·2022-05-17
CVE-2017-6681 [HIGH] CWE-22 GHSA-xc85-79ph-26j8: A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a rel
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-06-13
Published