CVE-2017-6781

CWE-287Improper AuthenticationCWE-2644 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 84.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Systems, Inc. Policy SuiteCisco Policy Suite
Timeline
PublishedAug 17
Latest updateMay 13

Description

A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A suc

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5cisco_systems,_inc./policy_suite5 versions+4
NVDcisco/policy_suite5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-c787-vq26-34f6: A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local2022-05-13
CVEList
CVE-2017-6781: A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local2017-08-17

📋Vendor Advisories

1
Cisco
Cisco Policy Suite Privilege Escalation Vulnerability2017-08-16
CVE-2017-6781 (MEDIUM CVSS 5.3) | A vulnerability in the management o | cvebase.io