CVE-2017-6707OS Command Injection in Cisco Staros

CWE-78OS Command Injection4 documents4 sources
Severity
8.2HIGHNVD
EPSS
0.2%
top 53.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Staros
Timeline
PublishedJul 6
Latest updateMay 17

Description

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitiz

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

NVDcisco/staros58 versions+57

🔴Vulnerability Details

2
GHSA
GHSA-vrh9-8v6g-q73c: A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 112022-05-17
CVEList
CVE-2017-6707: A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 112017-07-06

📋Vendor Advisories

1
Cisco
Cisco StarOS CLI Command Injection Vulnerability2017-07-05
CVE-2017-6707 — OS Command Injection in Cisco Staros | cvebase