PT-2017-17261 · Cisco · Cisco StarOS

Published: 2017-07-06 · Updated: 2017-07-08 · CVE-2017-6707

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco StarOS versions 11.0 through 21.0

Description: An issue in the CLI command-parsing code of the Cisco StarOS operating system could allow an authenticated, local attacker to execute arbitrary shell commands as the Linux root user on the system. The vulnerability exists because the affected operating system does not sufficiently sanitize CLI commands before inserting them into Linux shell commands. An attacker could exploit this by submitting a crafted CLI command that is then executed as part of a Linux shell command as the root user.

Recommendations: For Cisco StarOS versions 11.0 through 21.0, update the system to a version that includes the fix for Cisco bug IDs CSCvc69329 and CSCvc72930. As a temporary workaround, consider restricting access to the affected CLI to minimize the risk of exploitation.

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers: CVE-2017-6707

Affected Products: Cisco StarOS