You are here
Home > Preporuke > Ranjivost programskog paketa Cisco Ultra Services Framework Staging Server

Ranjivost programskog paketa Cisco Ultra Services Framework Staging Server

by ncert - 0

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability

Advisory ID: cisco-sa-20170705-usf3

Revision: 1.0

For Public Release: 2017 July 5 16:00 GMT

Last Updated: 2017 July 5 16:00 GMT

CVE ID(s): CVE-2017-6714

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user.

The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. An exploit could allow the attacker to execute arbitrary shell commands as the Linux root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZXQ8MZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHm4vhAAgO7AI5T0r3B3MkNn
45EEySRpQtrgv8oqAssS1Cb4RjryY/7yk3ofmPIsDbIo9mfFHZ5C8CXwp/7OFjIi
fdR8wlMKinQ2NUeI8RQSVZRmh4UjOmsPcxPacF8EXRlo+ZY0iYDNIWr/u/06vslT
7soylaLb+M48BvtxVnxpc7VLTP/9swF8tfzW2EYLdMIW9pG1hNfop49cMiaF/u8y
L597uP1TmEEPgV7mnSyCUmxdlrdc1AUQdk++PtFbIgPJPH5lBLYax2CirmyvK+gI
W5yisdz4m7ZYCUypoAcQn6D3L4jSVFecl26hr3NLvsidQCSAdN+eQOSVcJHl/UrL
WetL/0fmGPlRO5qrf595kN9gMPTQOvBF12Cr+Wz0N9Bsh6P4pkv1r4cIaRP6Bl/T
a+2nsAJN6ldZEnez1Tk/2kM2g8F6l0bXBH996UQfqZt2t9PtBlYduPzpvVUTDiPl
VViXs916KSBqOUkWj/3+9OyTIPPWvjukTP7oGkOoiyY99nNP5odqT6i0ShGXYKhG
lGVpxHfE6FG2nEMLfY5qVGrH6bpQ8RCCcJtpa51uh8+afsKkBw8Djf3E1fScAcOu
4MMlPAjG+WiAF5urUCMSYGov4M25L2DDl0hWgiMrJdD2rSwzUhtdbnbe/LiK7Ilu
aFsPDgy1REQqoPXfHzGBMdKU/zo=
=7LYj
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

ncert
Top
More in Preporuke
Ranjivost Cisco Elastic Services Controller softvera

Otkrivena je kritična ranjivost kod Play Framework Cisco ESC (Elastic Services Controller) softvera. Ranjivost je uzrokovana statičnim tvornički zadanim oznakama...

Close