CVE-2017-6773

{"id": "CVE-2017-6773", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2017-08-17T20:29:00.527", "references": [{"url": "http://www.securityfocus.com/bid/100376", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039181", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839."}, {"lang": "es", "value": "Una vulnerabilidad en el CLI de Cisco ASR 5000 Series Aggregated Services Routers ejecutando el sistema operativo Cisco StarOS podr\u00eda permitir que un atacante local autenticado omita las restricciones de CLI y ejecute comandos en el sistema operativo subyacente. Esta vulnerabilidad se debe a la insuficiente sanitizaci\u00f3n de las entradas proporcionadas por el usuario en el CLI. Un atacante podr\u00eda explotar esta vulnerabilidad creando un script en el dispositivo que les permitir\u00e1 omitir las restricciones incorporadas. Un exploit podr\u00eda permitir que el usuario sin autorizaci\u00f3n lance el CLI directamente desde una consola de comandos. Cisco Bug IDs: CSCvd47722. Versiones afectadas conocidas: 21.0.v0.65839."}], "lastModified": "2017-08-25T11:24:26.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:asr_5000_software:21.0.v0.65839:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1206A9D2-0AA2-4F7A-9AE8-D0BAC299DA9A"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}