Executive Summary
| Summary | |
|---|---|
| Title | Cisco Policy Suite Privilege Escalation Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20170517-cps | First vendor Publication | 2017-05-17 |
| Vendor | Cisco | Last vendor Modification | 2017-05-17 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZHHQiZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHm5gBAA4054vwpO4jMJelTk 2TNNUyrw8GnvdjJDipscxwO7L0Cjb4CuRbJZNpqy2vbeOsfPur8NokQ8DyLPFcC4 IGn+HMpufETAVT3gmHAp1asw4qhoDnXx9kpPrgKZ4KTw0TrmSSL4GtIf+BwyR3Bw bNeE/gux8dVVNUhT+HDQ5IXeneeK0gLxChPYI3snX8eZ6JCu7VHMIqygvnLey9uS 0G451oaKZinUZbeXDfMx9OxE58Umm1J7skN43ig6dG9bZbGCbfcINKJZbbLO7Zhz YjqvAOIWdUtvezo3S7xC9p8ylEb02zrjnQiVgaOrTb/+OLwUv33z7WXj9f94nsDE 3JVexH5+GDqHrG9mR5o3sK3RFhXJALsP8HGntA4b5BIcj1uCGAEGz+F4YnvXTNLR 0P6E+qRJW236DxIpRWhCVW29qeBt8aJ8qBwn7QeSGQp8Toi8+yH5MPfLrPvrwn0w FAMka7EQ3KlfGmz+sTbhpegI2H6c6o0pJp1G+rCJAmE8+A2XUJB/sBXhn6mVl8Xh nK9h63KHdCvIVpnU3TW8Jn59mXopyNbsxXMqoetBzFax/xuk1F7w8RGu8ANWTOgL yr2GSUDDT12D8e4cqEkl8djeN+v6j/SFwgY02s3XNGHgOUu9vlhvk/dAqI2S9sf1 ucV6raBuPS5kcsUHTQ4BoMIIdvs= =+o8F END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-269 | Improper Privilege Management |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Alert History
| Date | Informations |
|---|---|
| 2017-05-25 21:25:13 |
|
| 2017-05-19 00:24:05 |
|
| 2017-05-17 21:20:52 |
|
