CVE-2017-6690

CWE-20 — Improper Input Validation CWE-2644 documents4 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 62.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASR 5000 Software

Timeline

PublishedJun 13

Latest updateMay 13

Description

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_starosCisco StarOS

▶NVDcisco/asr_5000_software21.0.v0.65839, 21.3.m0.67005+1

🔴Vulnerability Details

GHSA

GHSA-39wf-75mq-q4p3: A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow↗2022-05-13

▶

CVEList

CVE-2017-6690: A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow↗2017-06-13

▶

📋Vendor Advisories

Cisco

Cisco StarOS Arbitrary File Modification Vulnerability↗2017-06-07

▶