Vulnslist

find the latest Cisco vulnerabilities

Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability

cisco-sa-20170607-usf1 · Medium · Published · Updated

A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. The vulnerability is due to insufficient checks when creating directories on the system. An attacker could exploit this vulnerability by creating arbitrary directories as root on the system and potentially impacting the behavior of other daemons and deleting important log data. An exploit could allow the attacker to create arbitrary directories on the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6680
Cisco Bug IDsCSCvc76652
CVSS ScoreBase 4.3
Base 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Ultra Services Framework

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2017-6680 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2017-6680 Cisco OpenVuln
Cisco Ultra Services Framework CVE-2017-6680 Cisco OpenVuln