PT-2017-17238 · Cisco · Cisco Ultra Services Framework

Published

2017-06-13

Updated

2017-06-21

CVE-2017-6680

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cisco Ultra Services Framework version 21.0.0

Description A vulnerability in the AutoVNF logging function could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system.

Recommendations For version 21.0.0, update to a version that includes the fix for the issue, as the current version allows an attacker to create arbitrary directories on the system.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-6680

Affected Products

Cisco Ultra Services Framework

PT-2017-17238 · Cisco · Cisco Ultra Services Framework

CVE-2017-6680

Weakness Enumeration

Related Identifiers

Affected Products

References · 4