PT-2017-17262 · Cisco · Cisco Ultra Services Framework

Publicado

2017-07-06

Atualizado

2017-07-13

CVE-2017-6708

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Ultra Services Framework versions prior to 5.0.3 Cisco Ultra Services Framework versions prior to 5.1

Description A vulnerability in the symbolic link creation functionality of the AutoVNF tool could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The issue is due to the absence of validation checks for the input used to create symbolic links.

Recommendations For versions prior to 5.0.3, update to Release 5.0.3 or later. For versions prior to 5.1, update to Release 5.1 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-6708

Produtos afetados

Cisco Ultra Services Framework

PT-2017-17262 · Cisco · Cisco Ultra Services Framework

CVE-2017-6708

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4