CVE-2017-6707

06.07.2017, 00:29

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.2 HIGH	LOCAL	LOW	HIGH	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
cisco	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Vendor	Product	Version
cisco	staros	11.0_base:_base
cisco	staros	12.0.0
cisco	staros	12.1_base:_base
cisco	staros	12.2\(300\)
cisco	staros	12.2_base:_base
cisco	staros	14.0\(600\)
cisco	staros	14.0.0
cisco	staros	15.0\(912\)
cisco	staros	15.0\(935\)
cisco	staros	15.0\(938\)
cisco	staros	15.0_base:_base
cisco	staros	16.0\(900\)
cisco	staros	16.0.0
cisco	staros	16.1.0
cisco	staros	16.1.1
cisco	staros	16.1.2
cisco	staros	16.5.0
cisco	staros	16.5.2
cisco	staros	17.2.0
cisco	staros	17.2.0.59184
cisco	staros	17.3.0
cisco	staros	17.3.1
cisco	staros	17.3_base:_base
cisco	staros	17.7.0
cisco	staros	18.0.0
cisco	staros	18.0.0.57828
cisco	staros	18.0.0.59167
cisco	staros	18.0.0.59211
cisco	staros	18.0.l0.59219:l0.59219
cisco	staros	18.1.0
cisco	staros	18.1.0.59776
cisco	staros	18.1.0.59780
cisco	staros	18.1_base:_base
cisco	staros	18.3.0
cisco	staros	18.3_base:_base
cisco	staros	18.4.0
cisco	staros	19.0.1
cisco	staros	19.0.m0.60737:m0.60737
cisco	staros	19.0.m0.60828:m0.60828
cisco	staros	19.0.m0.61045:m0.61045
cisco	staros	19.1.0
cisco	staros	19.1.0.61559
cisco	staros	19.2.0
cisco	staros	19.3.0
cisco	staros	20.0.0
cisco	staros	20.0.1.0
cisco	staros	20.0.1.a0:a0
cisco	staros	20.0.1.v0:v0
cisco	staros	20.0.2.3
cisco	staros	20.0.2.3.65026
cisco	staros	20.0.2.v1:v1
cisco	staros	20.0.m0.62842:m0.62842
cisco	staros	20.0.m0.63229:m0.63229
cisco	staros	20.0.v0:v0
cisco	staros	21.0.0
cisco	staros	21.0_base:_base
cisco	staros	21.0_m0.64246:_m0.64246
cisco	staros	21.0_m0.64702:_m0.64702

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

http://www.securityfocus.com/bid/99462

http://www.securitytracker.com/id/1038818

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd

http://www.securityfocus.com/bid/99462

http://www.securitytracker.com/id/1038818

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd