Lucene search

CiscoCVE-2017-6606

HistoryApr 07, 2017 - 5:59 p.m.

CVE-2017-6606

2017-04-0717:59:00

CWE-78

cisco

web.nvd.nist.gov

cisco

ios xe

vulnerability

startup script

unauthenticated attacker

arbitrary commands

root user

nvd

cve-2017-6606

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.

Affected configurations

Nvd

Node

ciscoios_xeMatch3.1.0s

ciscoios_xeMatch3.1.0sg

ciscoios_xeMatch3.1.1s

ciscoios_xeMatch3.1.1sg

ciscoios_xeMatch3.1.2s

ciscoios_xeMatch3.1.3s

ciscoios_xeMatch3.1.4as

ciscoios_xeMatch3.1.4s

ciscoios_xeMatch3.2.0se

ciscoios_xeMatch3.2.0sg

ciscoios_xeMatch3.2.0xo

ciscoios_xeMatch3.2.1s

ciscoios_xeMatch3.2.1se

ciscoios_xeMatch3.2.1sg

ciscoios_xeMatch3.2.1xo

ciscoios_xeMatch3.2.2s

ciscoios_xeMatch3.2.2se

ciscoios_xeMatch3.2.2sg

ciscoios_xeMatch3.2.3se

ciscoios_xeMatch3.2.3sg

ciscoios_xeMatch3.2.4sg

ciscoios_xeMatch3.2.5sg

ciscoios_xeMatch3.2.6sg

ciscoios_xeMatch3.2.7sg

ciscoios_xeMatch3.2.8sg

ciscoios_xeMatch3.2.9sg

ciscoios_xeMatch3.2.10sg

ciscoios_xeMatch3.2.11sg

ciscoios_xeMatch3.3.0s

ciscoios_xeMatch3.3.0se

ciscoios_xeMatch3.3.0sg

ciscoios_xeMatch3.3.0sq

ciscoios_xeMatch3.3.0xo

ciscoios_xeMatch3.3.1s

ciscoios_xeMatch3.3.1se

ciscoios_xeMatch3.3.1sg

ciscoios_xeMatch3.3.1sq

ciscoios_xeMatch3.3.1xo

ciscoios_xeMatch3.3.2s

ciscoios_xeMatch3.3.2se

ciscoios_xeMatch3.3.2sg

ciscoios_xeMatch3.3.2xo

ciscoios_xeMatch3.3.3se

ciscoios_xeMatch3.3.4se

ciscoios_xeMatch3.3.5se

ciscoios_xeMatch3.4.0as

ciscoios_xeMatch3.4.0s

ciscoios_xeMatch3.4.0sg

ciscoios_xeMatch3.4.0sq

ciscoios_xeMatch3.4.1s

ciscoios_xeMatch3.4.1sg

ciscoios_xeMatch3.4.1sq

ciscoios_xeMatch3.4.2s

ciscoios_xeMatch3.4.2sg

ciscoios_xeMatch3.4.3s

ciscoios_xeMatch3.4.3sg

ciscoios_xeMatch3.4.4s

ciscoios_xeMatch3.4.4sg

ciscoios_xeMatch3.4.5s

ciscoios_xeMatch3.4.5sg

ciscoios_xeMatch3.4.6s

ciscoios_xeMatch3.4.6sg

ciscoios_xeMatch3.4.7sg

ciscoios_xeMatch3.4.8sg

ciscoios_xeMatch3.5.0e

ciscoios_xeMatch3.5.0s

ciscoios_xeMatch3.5.0sq

ciscoios_xeMatch3.5.1e

ciscoios_xeMatch3.5.1s

ciscoios_xeMatch3.5.1sq

ciscoios_xeMatch3.5.2e

ciscoios_xeMatch3.5.2s

ciscoios_xeMatch3.5.2sq

ciscoios_xeMatch3.5.3e

ciscoios_xeMatch3.6.0e

ciscoios_xeMatch3.6.0s

ciscoios_xeMatch3.6.1e

ciscoios_xeMatch3.6.1s

ciscoios_xeMatch3.6.2ae

ciscoios_xeMatch3.6.2s

ciscoios_xeMatch3.6.3e

ciscoios_xeMatch3.6.4e

ciscoios_xeMatch3.6.5ae

ciscoios_xeMatch3.6.5e

ciscoios_xeMatch3.6.6e

ciscoios_xeMatch3.6.7e

ciscoios_xeMatch3.7.0bs

ciscoios_xeMatch3.7.0e

ciscoios_xeMatch3.7.0s

ciscoios_xeMatch3.7.1e

ciscoios_xeMatch3.7.1s

ciscoios_xeMatch3.7.2e

ciscoios_xeMatch3.7.2s

ciscoios_xeMatch3.7.2ts

ciscoios_xeMatch3.7.3e

ciscoios_xeMatch3.7.3s

ciscoios_xeMatch3.7.4e

ciscoios_xeMatch3.7.4s

ciscoios_xeMatch3.7.5s

ciscoios_xeMatch3.7.6s

ciscoios_xeMatch3.7.7s

ciscoios_xeMatch3.8.0e

ciscoios_xeMatch3.8.0s

ciscoios_xeMatch3.8.1e

ciscoios_xeMatch3.8.1s

ciscoios_xeMatch3.8.2e

ciscoios_xeMatch3.8.2s

ciscoios_xeMatch3.9.0s

ciscoios_xeMatch3.9.1s

ciscoios_xeMatch3.9.2s

ciscoios_xeMatch3.10.0s

ciscoios_xeMatch3.10.1s

ciscoios_xeMatch3.10.1xbs

ciscoios_xeMatch3.10.2s

ciscoios_xeMatch3.10.2ts

ciscoios_xeMatch3.10.3s

ciscoios_xeMatch3.10.4s

ciscoios_xeMatch3.10.5s

ciscoios_xeMatch3.10.6s

ciscoios_xeMatch3.10.7s

ciscoios_xeMatch3.11.0s

ciscoios_xeMatch3.11.1s

ciscoios_xeMatch3.11.2s

ciscoios_xeMatch3.11.3s

ciscoios_xeMatch3.11.4s

ciscoios_xeMatch3.12.0as

ciscoios_xeMatch3.12.0s

ciscoios_xeMatch3.12.1s

ciscoios_xeMatch3.12.2s

ciscoios_xeMatch3.12.3s

ciscoios_xeMatch3.12.4s

ciscoios_xeMatch3.13.0as

ciscoios_xeMatch3.13.0s

ciscoios_xeMatch3.13.1s

ciscoios_xeMatch3.13.2as

ciscoios_xeMatch3.13.2s

ciscoios_xeMatch3.13.3s

ciscoios_xeMatch3.13.4s

ciscoios_xeMatch3.13.5as

ciscoios_xeMatch3.13.5s

ciscoios_xeMatch3.14.0s

ciscoios_xeMatch3.14.1s

ciscoios_xeMatch3.14.2s

ciscoios_xeMatch3.14.3s

ciscoios_xeMatch3.15.0s

ciscoios_xeMatch3.15.1cs

ciscoios_xeMatch3.15.1s

ciscoios_xeMatch3.15.2s

ciscoios_xeMatch3.15.3s

ciscoios_xeMatch3.16.0cs

ciscoios_xeMatch3.16.0s

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.1s

ciscoios_xeMatch3.16.2as

ciscoios_xeMatch3.16.2bs

ciscoios_xeMatch3.16.2s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1as

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.18.0as

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.2.1

VendorProductVersionCPE
ciscoios_xe3.1.0scpe:2.3:o:cisco:ios_xe:3.1.0s:*:*:*:*:*:*:*
ciscoios_xe3.1.0sgcpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*
ciscoios_xe3.1.1scpe:2.3:o:cisco:ios_xe:3.1.1s:*:*:*:*:*:*:*
ciscoios_xe3.1.1sgcpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*
ciscoios_xe3.1.2scpe:2.3:o:cisco:ios_xe:3.1.2s:*:*:*:*:*:*:*
ciscoios_xe3.1.3scpe:2.3:o:cisco:ios_xe:3.1.3s:*:*:*:*:*:*:*
ciscoios_xe3.1.4ascpe:2.3:o:cisco:ios_xe:3.1.4as:*:*:*:*:*:*:*
ciscoios_xe3.1.4scpe:2.3:o:cisco:ios_xe:3.1.4s:*:*:*:*:*:*:*
ciscoios_xe3.2.0secpe:2.3:o:cisco:ios_xe:3.2.0se:*:*:*:*:*:*:*
ciscoios_xe3.2.0sgcpe:2.3:o:cisco:ios_xe:3.2.0sg:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.1.0s	cpe:2.3:o:cisco:ios_xe:3.1.0s:::::::*
cisco	ios_xe	3.1.0sg	cpe:2.3:o:cisco:ios_xe:3.1.0sg:::::::*
cisco	ios_xe	3.1.1s	cpe:2.3:o:cisco:ios_xe:3.1.1s:::::::*
cisco	ios_xe	3.1.1sg	cpe:2.3:o:cisco:ios_xe:3.1.1sg:::::::*
cisco	ios_xe	3.1.2s	cpe:2.3:o:cisco:ios_xe:3.1.2s:::::::*
cisco	ios_xe	3.1.3s	cpe:2.3:o:cisco:ios_xe:3.1.3s:::::::*
cisco	ios_xe	3.1.4as	cpe:2.3:o:cisco:ios_xe:3.1.4as:::::::*
cisco	ios_xe	3.1.4s	cpe:2.3:o:cisco:ios_xe:3.1.4s:::::::*
cisco	ios_xe	3.2.0se	cpe:2.3:o:cisco:ios_xe:3.2.0se:::::::*
cisco	ios_xe	3.2.0sg	cpe:2.3:o:cisco:ios_xe:3.2.0sg:::::::*

Rows per page:

1-10 of 1641

CNA Affected

[
  {
    "product": "Cisco IOS XE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97434

www.securitytracker.com/id/1038190

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

Related for CVE-2017-6606