PT-2017-2637 · Cisco · Cisco Context Service Sdk

Published

2017-06-13

Updated

2017-06-26

CVE-2017-6667

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Context Service software development kit (SDK) version 2.0

Description A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. The issue is due to insufficient input validation in the update mechanism.

Recommendations For version 2.0, update the software to a version that addresses the issue, as the current version is affected by the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2017-01864

CVE-2017-6667

Affected Products

Cisco Context Service Sdk

PT-2017-2637 · Cisco · Cisco Context Service Sdk

CVE-2017-6667

Weakness Enumeration

Related Identifiers

Affected Products

References · 5