CVE-2017-6775

Description

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839.

Risk Information

Base Score

5.7

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

EPSS Score

Exploitation Probability

0.05

Associated Vulnerability

Vulnerability	OS Platform
Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability For Cisco ASR 5000 Series	NCM
CVE-2017-6775	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706032	Security Update for Cisco ASR 5000 Series 21.3.A0.66703

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234