CVE-2017-6708

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:ultra_services_framework:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:30

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/99512 - () http://www.securityfocus.com/bid/99512 -
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1 - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1 - Vendor Advisory

Information

Published : 2017-07-06 00:29

Updated : 2024-11-21 03:30


NVD link : CVE-2017-6708

Mitre link : CVE-2017-6708

CVE.ORG link : CVE-2017-6708


JSON object : View

Products Affected

cisco

  • ultra_services_framework
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor