CVE-2017-6774

Description

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839.

Risk Information

Base Score

5.0

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

EPSS Score

Exploitation Probability

0.247

Associated Vulnerability

Vulnerability	OS Platform
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability For Cisco ASR 5000 Series	NCM
Files or Directories Accessible to External Parties Vulnerability (CVE-2017-6774)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706032	Security Update for Cisco ASR 5000 Series 21.3.A0.66703

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234