Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability

2017-06-07T16:00:00
ID CISCO-SA-20170607-USF1
Type cisco
Reporter Cisco
Modified 2017-06-06T17:06:56

Description

A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system.

The vulnerability is due to insufficient checks when creating directories on the system. An attacker could exploit this vulnerability by creating arbitrary directories as root on the system and potentially impacting the behavior of other daemons and deleting important log data. An exploit could allow the attacker to create arbitrary directories on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1"]