CVE-ID |
CVE-2017-6781
|
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
Description |
A vulnerability in the management of shell user accounts for Cisco
Policy Suite (CPS) Software for CPS appliances could allow an
authenticated, local attacker to gain elevated privileges on an
affected system. The affected privilege level is not at the root
level. The vulnerability is due to incorrect role-based access control
(RBAC) for shell user accounts. An attacker could exploit this
vulnerability by authenticating to an affected appliance and providing
crafted user input via the CLI. A successful exploit could allow the
attacker to acquire a higher privilege level than should have been
granted. To exploit this vulnerability, the attacker must log in to
the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known
Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0.
|
References |
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
|
|
Assigning CNA |
Cisco Systems, Inc. |
Date Entry Created |
20170309 |
Disclaimer: The entry creation date may reflect when
the CVE ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
|
Phase (Legacy) |
Assigned (20170309) |
Votes (Legacy) |
|
Comments (Legacy) |
|
Proposed (Legacy) |
N/A |
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. |
|
For More Information: cve@mitre.org
|