PT-2017-17264 · Cisco · Cisco Virtual Network Function Element Manager

Published

2017-08-17

Updated

2017-08-25

CVE-2017-6710

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Virtual Network Function (VNF) Element Manager versions prior to 5.0.4 and 5.1.4

Description A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. This issue arises from command settings that permit users to specify arbitrary commands to run as root on the server, which an attacker could exploit to elevate privileges.

Recommendations For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. For versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2017-6710

Affected Products

Cisco Virtual Network Function Element Manager

PT-2017-17264 · Cisco · Cisco Virtual Network Function Element Manager

CVE-2017-6710

Weakness Enumeration

Related Identifiers

Affected Products

References · 4