Executive Summary
Summary | |
---|---|
Title | Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20170705-usf1 | First vendor Publication | 2017-07-05 |
Vendor | Cisco | Last vendor Modification | 2017-07-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1 |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-23 | Cisco Ultra Services Framework AutoVNF directory traversal attempt RuleID : 44063 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Information |
---|---|
2017-07-07 21:24:49 |
|
2017-07-06 09:24:47 |
|
2017-07-06 00:22:06 |
|