You are here
Home > Preporuke > Sigurnosni nedostatak Cisco AutoVNF alata

Sigurnosni nedostatak Cisco AutoVNF alata

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability

Advisory ID: cisco-sa-20170705-usf1

Revision: 1.0

For Public Release: 2017 July 5 16:00 GMT

Last Updated: 2017 July 5 16:00 GMT

CVE ID(s): CVE-2017-6708

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

+———————————————————————

Summary
=======
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.

The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZXQ7/ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlryw/9ELae7P5jtb/mzw0+
ljvjkO6iJt2cm+ek6TjvHTukMJDNVKXTHbgvIzzfSZ1gvkj8SsuHKG1BFgOnNZcL
CP0JAO3VzMFJYxsAzISuVQ4puNP1pAzliaR460ODTnptNYM4cRCpIC6oVNUYxGdu
DeC+evJU8C5GjnmA6q3I8TPScz53YpO/tQKpWDoA6OQBhDUxT8aMuawk7kqrzHyx
zEN+HqV5R0MiyeCQnlh6+U0i4Uc6YiJJiR006t1ILiab2c661CHps/AU0ICnpJEq
fZEk6ZI6KBXhCVo5Ykeay8EANNUrlRBmK+ITNE4JwrHSJCEDAF4c6VfRLDjJV6L2
IMRsx1bHVFyLjp74nfl6IxNk8lK9FPRv3pRKnQj9SlhCxCwBsKIBHZbN97DImzzC
hcNx5+FgzpZtcnzSLoR77GBWgLWwuVjXeMOhGF4uJxozuaCNgNv7qJqr2zLrP0vC
vIV6pQaDmSszCyuk5HtUJYLr2x+Ha4FxjlzjJUrlAi2xrNq6wYBoq6JceY647RDv
PVBPbPEdz+P3hpIFUk5cmA558qZPQqiU4++VZSuqVzdQCnlZaZJLpxf+F/fiMCtN
zDTWTY0ntZQ+2lp3dbqC6W+E78KcZgjk09qf1EG2Jarh6uTX188WTRJFaNO7iwBU
YDAvsa0lpTjJYfqlNxaaK2Z/IPM=
=gcmX
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa dnsperf

Otkriveni su sigurnosni nedostaci u programskom paketu dnsperf za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju zaobilaženje sigurnosnih ograničenja...

Close