cnvd - cnvd-2017-13744

cnvd-2017-13744

Vulnerability from cnvd

Title: Cisco StarOS远程安全绕过漏洞

Description:

Cisco StarOS是美国思科（Cisco）公司的一套运行于5000等系列路由器设备中的操作系统。

Cisco StarOS存在远程安全绕过漏洞，远程认证攻击者可利用该漏洞修改任意文件。该漏洞源于程序未能充分的输入验证。远程攻击者可通过向受影响的系统发送特制的命令行请求利用该漏洞覆盖或修改受影响系统上的任意文件。

Severity: 中

Patch Name: Cisco StarOS远程安全绕过漏洞的补丁

Patch Description:

Cisco StarOS是美国思科（Cisco）公司的一套运行于5000等系列路由器设备中的操作系统。

Cisco StarOS存在远程安全绕过漏洞，远程认证攻击者可利用该漏洞修改任意文件。该漏洞源于程序未能充分的输入验证。远程攻击者可通过向受影响的系统发送特制的命令行请求利用该漏洞覆盖或修改受影响系统上的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros

Reference: http://securitytracker.com/id/1038634

Impacted products

Name
['Cisco StarOS 无', 'Cisco ASR 5000 Series 21.3.M0.67005', 'Cisco ASR 5000 Series 21.0.v0.65839']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98998"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6690",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6690"
    }
  },
  "description": "Cisco StarOS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fd0\u884c\u4e8e5000\u7b49\u7cfb\u5217\u8def\u7531\u5668\u8bbe\u5907\u4e2d\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco StarOS\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u4efb\u610f\u6587\u4ef6\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u8f93\u5165\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u53d1\u9001\u7279\u5236\u7684\u547d\u4ee4\u884c\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u6216\u4fee\u6539\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-13744",
  "openTime": "2017-07-11",
  "patchDescription": "Cisco StarOS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fd0\u884c\u4e8e5000\u7b49\u7cfb\u5217\u8def\u7531\u5668\u8bbe\u5907\u4e2d\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco StarOS\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u4efb\u610f\u6587\u4ef6\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u8f93\u5165\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u53d1\u9001\u7279\u5236\u7684\u547d\u4ee4\u884c\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u6216\u4fee\u6539\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco StarOS\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco StarOS \u65e0",
      "Cisco ASR 5000 Series 21.3.M0.67005",
      "Cisco ASR 5000 Series  21.0.v0.65839"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1038634",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-09",
  "title": "Cisco StarOS\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-6690 (GCVE-0-2017-6690)

Vulnerability from cvelistv5

Published

2017-06-13 06:00

Modified

2024-08-05 15:41

Severity ?

CWE

Arbitrary File Modification Vulnerability

Summary

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98998	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1038634	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco StarOS	Version: Cisco StarOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:15.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
          },
          {
            "name": "98998",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98998"
          },
          {
            "name": "1038634",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038634"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco StarOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco StarOS"
            }
          ]
        }
      ],
      "datePublic": "2017-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Modification Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
        },
        {
          "name": "98998",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98998"
        },
        {
          "name": "1038634",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038634"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6690",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco StarOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco StarOS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Modification Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros"
            },
            {
              "name": "98998",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98998"
            },
            {
              "name": "1038634",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038634"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6690",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:15.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted