CVE-2017-6775

Name of the Vulnerable Software and Affected Versions Cisco ASR 5000 Series Aggregated Services Routers version 21.0.v0.65839

Description A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The issue is due to incorrect permissions given to a set of users. An attacker could exploit this by logging in to the shell of an affected device and modifying environment variables to gain admin-level privileges, potentially taking control of the device.

Recommendations For version 21.0.v0.65839, update the system to a version that includes the fix for Cisco Bug ID CSCvd47741 to prevent privilege escalation. As a temporary workaround, consider restricting access to the shell of affected devices to minimize the risk of exploitation.