CVE-2017-6794

CWE-20Improper Input ValidationCWE-77Command Injection4 documents4 sources
Severity
6.7MEDIUM
EPSS
0.2%
top 55.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Meeting Server
Timeline
PublishedSep 7
Latest updateMay 13

Description

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a craft

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco_meeting_serverCisco Meeting Server
NVDcisco/meeting_server30 versions+29

🔴Vulnerability Details

2
GHSA
GHSA-6929-fmg8-wwgh: A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and2022-05-13
CVEList
CVE-2017-6794: A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and2017-09-07

📋Vendor Advisories

1
Cisco
Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability2017-08-23
CVE-2017-6794 (MEDIUM CVSS 6.7) | A vulnerability in the CLI command- | cvebase.io