CVE-2017-6774

CWE-552Files Accessible to External PartiesCWE-2644 documents4 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 51.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Systems, Inc. Staros FOR ASR 5000 Series Aggregated Services RoutersCisco ASR 5000 Software
Timeline
PublishedAug 17
Latest updateMay 13

Description

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected syste

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

NVDcisco/asr_5000_software21.0.v0.65839

🔴Vulnerability Details

2
GHSA
GHSA-q3m2-fp75-5458: A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote at2022-05-13
CVEList
CVE-2017-6774: A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote at2017-08-17

📋Vendor Advisories

1
Cisco
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability2017-08-16