PT-2017-17264 · Cisco · Cisco Virtual Network Function Element Manager

Publicado

2017-08-17

Atualizado

2017-08-25

CVE-2017-6710

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Virtual Network Function (VNF) Element Manager versions prior to 5.0.4 and 5.1.4

Description A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. This issue arises from command settings that permit users to specify arbitrary commands to run as root on the server, which an attacker could exploit to elevate privileges.

Recommendations For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. For versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2017-6710

Produtos afetados

Cisco Virtual Network Function Element Manager

PT-2017-17264 · Cisco · Cisco Virtual Network Function Element Manager

CVE-2017-6710

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4