PT-2017-17315 · Cisco · Cisco Policy Suite

Published: 2017-08-17 · Updated: 2019-10-03 · CVE-2017-6781

CVSS v3.1: 5.3 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Cisco Policy Suite (CPS) Software for CPS appliances versions 9.0.0 through 12.0.0

Description

A vulnerability in the management of shell user accounts could allow an authenticated, local attacker to gain elevated privileges on an affected system. The issue is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this by authenticating to an affected appliance and providing crafted user input via the Command Line Interface (CLI). A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted.

Recommendations

For versions 9.0.0 through 12.0.0, update to a version that includes the fix for Cisco Bug ID CSCve37724 to resolve the issue.

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2017-6781

Affected Products

Cisco Policy Suite