Vulnslist

find the latest Cisco vulnerabilities

Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability

cisco-sa-20170607-esc1 · Medium · Published · Updated

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. The vulnerability is due to insufficient sanitization of commands that are permitted to run from the ConfD CLI of an affected system. An attacker could exploit this vulnerability by breaking from the restricted shell of the ConfD CLI of an affected system and running arbitrary commands as the Linux tomcat user on the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-6682
Cisco Bug IDs: CSCvc76620
CVSS Score: Base 5.0
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco Elastic Services Controller

Related Products

Product | CVE | Evidence
Cisco RV Series Routers | CVE-2017-6682 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2017-6682 | Cisco OpenVuln
Cisco Elastic Services Controller | CVE-2017-6682 | Cisco OpenVuln