← volver
CVE-2017-6708

CVE-2017-6708

EPSS 1.5%CWE-200
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 jul 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.
Productos afectados
n/a · Cisco Ultra Services Framework

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1http://www.securityfocus.com/bid/99512