Lucene search

[email protected]CVE-2017-6774

HistoryAug 17, 2017 - 8:29 p.m.

CVE-2017-6774

2017-08-1720:29:00

CWE-552

[email protected]

web.nvd.nist.gov

cisco

asr 5000

aggregated services routers

staros

vulnerability

authenticated

remote attacker

sensitive system files

ftp

exploit

configuration files

nvd

cve-2017-6774

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839.

Affected configurations

NVD

Node

ciscoasr_5000_softwareMatch21.0.v0.65839

CPENameOperatorVersion
cisco:asr_5000_softwarecisco asr 5000 softwareeq21.0.v0.65839

CPE	Name	Operator	Version
cisco:asr_5000_software	cisco asr 5000 software	eq	21.0.v0.65839

CNA Affected

[
  {
    "product": "StarOS for ASR 5000 Series Aggregated Services Routers",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "21.0.v0.65839"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100386

www.securitytracker.com/id/1039182

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for CVE-2017-6774

prion1 cvelist1 cisco1 nvd1