Executive Summary

Summary
Title Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability
Informations
Name cisco-sa-20170705-usf1 First vendor Publication 2017-07-05
Vendor Cisco Last vendor Modification 2017-07-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.

The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1"]

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZXQ7/ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlryw/9ELae7P5jtb/mzw0 +ljvjkO6iJt2cm+ek6TjvHTukMJDNVKXTHbgvIzzfSZ1gvkj8SsuHKG1BFgOnNZcL CP0JAO3VzMFJYxsAzISuVQ4puNP1pAzliaR460ODTnptNYM4cRCpIC6oVNUYxGdu DeC+evJU8C5GjnmA6q3I8TPScz53YpO/tQKpWDoA6OQBhDUxT8aMuawk7kqrzHyx zEN+HqV5R0MiyeCQnlh6+U0i4Uc6YiJJiR006t1ILiab2c661CHps/AU0ICnpJEq fZEk6ZI6KBXhCVo5Ykeay8EANNUrlRBmK+ITNE4JwrHSJCEDAF4c6VfRLDjJV6L2 IMRsx1bHVFyLjp74nfl6IxNk8lK9FPRv3pRKnQj9SlhCxCwBsKIBHZbN97DImzzC hcNx5+FgzpZtcnzSLoR77GBWgLWwuVjXeMOhGF4uJxozuaCNgNv7qJqr2zLrP0vC vIV6pQaDmSszCyuk5HtUJYLr2x+Ha4FxjlzjJUrlAi2xrNq6wYBoq6JceY647RDv PVBPbPEdz+P3hpIFUk5cmA558qZPQqiU4++VZSuqVzdQCnlZaZJLpxf+F/fiMCtN zDTWTY0ntZQ+2lp3dbqC6W+E78KcZgjk09qf1EG2Jarh6uTX188WTRJFaNO7iwBU YDAvsa0lpTjJYfqlNxaaK2Z/IPM= =gcmX END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

Snort® IPS/IDS

Date Description
2017-08-23 Cisco Ultra Services Framework AutoVNF directory traversal attempt
RuleID : 44063 - Revision : 1 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2017-07-07 21:24:49
  • Multiple Updates
2017-07-06 09:24:47
  • Multiple Updates
2017-07-06 00:22:06
  • First insertion