Cisco ASR 5000, 5500, and 5700 Routers StarOS CLI Bug Lets Local Users Obtain Root Privileges
|
|
SecurityTracker Alert ID: 1038818 |
|
SecurityTracker URL: http://securitytracker.com/id/1038818
|
|
CVE Reference:
CVE-2017-6707
(Links to External Site)
|
Date: Jul 5 2017
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): ASR 5000, 5500, 5700 Series
|
Description:
A vulnerability was reported in StarOS on Cisco ASR 5000, 5500, and 5700 Routers. A local user can obtain root privileges on the target system.
A local user can exploit a flaw in several StarOS command line interface (CLI) commands to execute arbitrary operating system commands on the target system with root privileges.
The vendor has assigned bug IDs CSCvc69329 and CSCvc72930 to this vulnerability.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
The vendor has issued a fix (StarOS 18.7.6, 19.6.5, 20.2.9, 21.1.1).
The vendor advisory is available at:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd
|
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd (Links to External Site)
|
Cause:
Access control error, Input validation error
|
|
Message History:
None.
|
Source Message Contents
|
Subject: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd
|
|
|
