CVE-2017-6683

CWE-78 — OS Command Injection4 documents4 sources

Severity

8.8HIGH

EPSS

9.5%

top 7.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Elastic Services Controller

Timeline

PublishedJun 13

Latest updateMay 17

Description

A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco_elastic_services_controllerCisco Elastic Services Controller

▶NVDcisco/elastic_services_controller2.2\(9.76\)

🔴Vulnerability Details

GHSA

GHSA-7w8x-vx5w-mg75: A vulnerability in the esc_listener↗2022-05-17

▶

CVEList

CVE-2017-6683: A vulnerability in the esc_listener↗2017-06-13

▶

📋Vendor Advisories

Cisco

Cisco Elastic Services Controller Authentication Request Processing Arbitrary Command Execution Vulnerability↗2017-06-07

▶