ByteOS Network

CVE Vulnerability Details :

CVE-2017-6708

PUBLISHED

More Info Official Page

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-06 Jul, 2017 | 00:00

Updated At-05 Aug, 2024 | 15:41

▼CVE Numbering Authority (CNA)

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.

Affected Products

Vendor

n/a

Product

Cisco Ultra Services Framework

Versions

Affected

Cisco Ultra Services Framework

Problem Types

Type	CWE ID	Description
CWE	CWE-200	CWE-200

References

Hyperlink	Resource
http://www.securityfocus.com/bid/99512	vdb-entry x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1	x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/99512	vdb-entry x_refsource_BID x_transferred
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1	x_refsource_CONFIRM x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References