CVE-2017-6773

Name of the Vulnerable Software and Affected Versions Cisco ASR 5000 Series Aggregated Services Routers version 21.0.v0.65839

Description A vulnerability in the CLI could allow an authenticated, local attacker to bypass CLI restrictions and execute commands on the underlying operating system. This is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this by crafting a script on the device to bypass built-in restrictions, potentially allowing unauthorized users to launch the CLI directly from a command shell.

Recommendations For version 21.0.v0.65839, consider restricting access to the CLI to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to craft scripts on the device that could bypass built-in restrictions.