Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-6767

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-17 Aug, 2017 | 20:00
Updated At-16 Sep, 2024 | 19:31
Rejected At-
Credits

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:17 Aug, 2017 | 20:00
Updated At:16 Sep, 2024 | 19:31
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).

Affected Products
Vendor
Cisco Systems, Inc.Cisco Systems, Inc.
Product
Application Policy Infrastructure Controller (APIC)
Versions
Affected
  • 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o)
  • 1.1(0.920a), 1.1(1j), 1.1(3f)
  • 1.2 Base, 1.2(2), 1.2(3), 1.2.2
  • 1.3(1), 1.3(2), 1.3(2f)
  • 2.0 Base, 2.0(1)
Problem Types
TypeCWE IDDescription
textN/APrivilege Escalation
Type: text
CWE ID: N/A
Description: Privilege Escalation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/100400
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1039180
vdb-entry
x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.securityfocus.com/bid/100400
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1039180
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/100400
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1039180
vdb-entry
x_refsource_SECTRACK
x_transferred
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/100400
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039180
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:17 Aug, 2017 | 20:29
Updated At:20 Apr, 2025 | 01:37

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.1HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P
CPE Matches
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(1e\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1e\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(1h\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1h\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(1k\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1k\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(1n\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1n\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(2j\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(2j\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(2m\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(2m\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(3f\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3f\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(3i\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3i\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(3k\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3k\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(3n\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3n\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(4h\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(4h\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.0\(4o\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(4o\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.1\(0.920a\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\(0.920a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.1\(1j\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\(1j\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.1\(3f\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\(3f\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.2\(2\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.2\(3\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\(3\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.2.2
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.2_base
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2_base:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.3\(1\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.3\(2\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>1.3\(2f\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\(2f\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>2.0\(1\)
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>application_policy_infrastructure_controller>>2.0_base
cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0_base:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/100400psirt@cisco.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039180psirt@cisco.com
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1psirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/100400af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039180af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100400
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039180
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100400
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039180
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2018-0425
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-8.05% / 91.76%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv215w_wireless-n_vpn_routerrv110w_firmwarerv130wrv110w_wireless-n_vpn_firewallrv215w_firmwareCisco RV130W Wireless-N Multifunction VPN Router Firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-0245
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.50% / 64.72%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 22:00
Updated-29 Nov, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. If successful, an exploit could allow the attacker to view sensitive system information. Cisco Bug IDs: CSCvg89442.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwareCisco 5500 and 8500 Series Wireless LAN Controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-0436
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.7||HIGH
EPSS-0.24% / 46.19%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Teams Information Disclosure and Modification Vulnerability

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_teamsCisco Webex Teams
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-0437
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-6.86% / 90.98%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.Microsoft Corporation
Product-umbrella_roaming_modulewindowsumbrella_enterprise_roaming_clientCisco Umbrella
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-0438
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-4.73% / 88.98%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Umbrella Enterprise Roaming Client Privilege Escalation Vulnerability

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.Microsoft Corporation
Product-windowsumbrella_enterprise_roaming_clientCisco Umbrella
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40124
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:36
Updated-07 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-6728
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7||HIGH
EPSS-0.05% / 14.32%
||
7 Day CHG~0.00%
Published-10 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrCisco IOS XR
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-6623
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.83%
||
7 Day CHG~0.00%
Published-18 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-policy_suiteCisco Policy Suite
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-264
Not Available
CVE-2017-6732
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.07%
||
7 Day CHG~0.00%
Published-10 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_networkCisco Prime Network
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34745
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 19:50
Updated-07 Nov, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AppDynamics .NET Agent Privilege Escalation Vulnerability

A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-appdynamics_.net_agentAppDynamics .NET Agent for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1572
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.86%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-confdnetwork_services_orchestratorCisco ConfD
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1258
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.78%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:17
Updated-12 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.McAfee, LLCMicrosoft Corporation
Product-agent_epolicy_orchestrator_extensionwindowsanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3393
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:02
Updated-19 Dec, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability

A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4x1100-6g_integrated_services_routercatalyst_c9407rcatalyst_c9300-48pws-c3650-24td4331_integrated_services_routercatalyst_c9500-16x4461_integrated_services_routercatalyst_c9200-24pasr_1000-xws-c3850catalyst_c9200l-48pxg-2ycatalyst_c9200l-48t-4g111x_integrated_services_routercatalyst_9800-lasr_1013catalyst_c9300l-48p-4xcatalyst_c9500-24y4ccatalyst_c9200l-24t-4gws-c3650-24psasr1001-hxcatalyst_9800-clws-c3650-48tqcatalyst_c9200l-48p-4gws-c3650-12x48uzws-c3850-48xs1160_integrated_services_routercatalyst_c9300l-24t-4g1100-lte_integrated_services_routercatalyst_c9200l-24pxg-2yws-c3850-24ucatalyst_9800-801109_integrated_services_routercatalyst_c9200l-24p-4xcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gws-c3650-48pd1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_c9300-48uxmcatalyst_9800-401101-4p_integrated_services_router1100-4p_integrated_services_routercatalyst_c9500-40xasr_1006ws-c3850-24xsasr1002-hx-wscatalyst_c9200-24tws-c3650-24pdm1101_integrated_services_router1100-4gltegb_integrated_services_router4451_integrated_services_routerws-c3650-48fqmws-c3850-48tcatalyst_c9200l-48p-4xcatalyst_c9410rcatalyst_c9300-24pasr1001-hx-rfws-c3650-24pdws-c3650-48fsws-c3850-48pws-c3850-24pcatalyst_c9300-48u1100-4gltena_integrated_services_router1100_integrated_services_routerws-c3650-8x24uqcatalyst_9800-l-cws-c3650-48tscatalyst_c9300-48tcatalyst_c9500-12qcatalyst_c9500-24qws-c3650-12x48urcatalyst_c9200-48tcatalyst_c9300-24sasr1002-x-rfws-c3650-12x48uqws-c3650-48tdasr_1001asr1002-hx4221_integrated_services_routercatalyst_c9404rws-c3850-12x48ucatalyst_c9300-24ucatalyst_c9200l-48t-4xws-c3650-48fdasr1002-x-wscatalyst_c9500-32casr_1002-xcatalyst_c9300l-24p-4gws-c3850-12scatalyst_c9500-32qcasr1002-hx-rfws-c3850-48ucatalyst_c9200l-24p-4gcatalyst_c9300-48sws-c3650-48fqws-c3850-48fws-c3850-24xucatalyst_c9300l-48t-4xws-c3650-48ps1109-2p_integrated_services_routerws-c3850-24tasr_1002catalyst_c9300l-24t-4xcatalyst_9800-l-fws-c3650-24tsasr_1004catalyst_c9200-48p1120_integrated_services_routercatalyst_c9300-48uncatalyst_c9200l-24t-4xasr1001-x-rfws-c3650-48pqcatalyst_c9300-24t4431_integrated_services_routercatalyst_c9200l-24pxg-4xasr1001-x-wscsr_1000vios_xecatalyst_c9300l-48t-4g1111x-8p_integrated_services_routercatalyst_c9500-48y4c1100-8p_integrated_services_routerws-c3850-24s1109-4p_integrated_services_routercatalyst_c9300-24uxasr_1001-xws-c3850-12xsCisco IOS XE Software
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29164
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.32% / 54.13%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 23:15
Updated-23 Apr, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in argo-workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions.

Action-Not Available
Vendor-argo_workflows_projectargoproj
Product-argo_workflowsargo-workflows
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • Next
Details not found