Vulnerability/
CVE-2017-6707

8.2

CWE

78 77

6/7/2017

5/8/2024

CVE-2017-6707: OS Command Injection

First published: Thu Jul 06 2017(Updated: )

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco StarOS	=11.0_base
Cisco StarOS	=12.0.0
Cisco StarOS	=12.1_base
Cisco StarOS	=12.2\(300\)
Cisco StarOS	=12.2_base
Cisco StarOS	=14.0\(600\)
Cisco StarOS	=14.0.0
Cisco StarOS	=15.0\(912\)
Cisco StarOS	=15.0\(935\)
Cisco StarOS	=15.0\(938\)
Cisco StarOS	=15.0_base
Cisco StarOS	=16.0\(900\)
Cisco StarOS	=16.0.0
Cisco StarOS	=16.1.0
Cisco StarOS	=16.1.1
Cisco StarOS	=16.1.2
Cisco StarOS	=16.5.0
Cisco StarOS	=16.5.2
Cisco StarOS	=17.2.0
Cisco StarOS	=17.2.0.59184
Cisco StarOS	=17.3.0
Cisco StarOS	=17.3.1
Cisco StarOS	=17.3_base
Cisco StarOS	=17.7.0
Cisco StarOS	=18.0.0
Cisco StarOS	=18.0.0.57828
Cisco StarOS	=18.0.0.59167
Cisco StarOS	=18.0.0.59211
Cisco StarOS	=18.0.l0.59219
Cisco StarOS	=18.1.0
Cisco StarOS	=18.1.0.59776
Cisco StarOS	=18.1.0.59780
Cisco StarOS	=18.1_base
Cisco StarOS	=18.3.0
Cisco StarOS	=18.3_base
Cisco StarOS	=18.4.0
Cisco StarOS	=19.0.1
Cisco StarOS	=19.0.m0.60737
Cisco StarOS	=19.0.m0.60828
Cisco StarOS	=19.0.m0.61045
Cisco StarOS	=19.1.0
Cisco StarOS	=19.1.0.61559
Cisco StarOS	=19.2.0
Cisco StarOS	=19.3.0
Cisco StarOS	=20.0.0
Cisco StarOS	=20.0.1.0
Cisco StarOS	=20.0.1.a0
Cisco StarOS	=20.0.1.v0
Cisco StarOS	=20.0.2.3
Cisco StarOS	=20.0.2.3.65026
Cisco StarOS	=20.0.2.v1
Cisco StarOS	=20.0.m0.62842
Cisco StarOS	=20.0.m0.63229
Cisco StarOS	=20.0.v0
Cisco StarOS	=21.0.0
Cisco StarOS	=21.0_base
Cisco StarOS	=21.0_m0.64246
Cisco StarOS	=21.0_m0.64702

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/last-modified-date
agent/severity
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/trending
vendor/cisco
canonical/cisco staros
version/cisco staros/11.0_base
version/cisco staros/12.0.0
version/cisco staros/12.1_base
version/cisco staros/12.2\(300\)
version/cisco staros/12.2_base
version/cisco staros/14.0\(600\)
version/cisco staros/14.0.0
version/cisco staros/15.0\(912\)
version/cisco staros/15.0\(935\)
version/cisco staros/15.0\(938\)
version/cisco staros/15.0_base
version/cisco staros/16.0\(900\)
version/cisco staros/16.0.0
version/cisco staros/16.1.0
version/cisco staros/16.1.1
version/cisco staros/16.1.2
version/cisco staros/16.5.0
version/cisco staros/16.5.2
version/cisco staros/17.2.0
version/cisco staros/17.2.0.59184
version/cisco staros/17.3.0
version/cisco staros/17.3.1
version/cisco staros/17.3_base
version/cisco staros/17.7.0
version/cisco staros/18.0.0
version/cisco staros/18.0.0.57828
version/cisco staros/18.0.0.59167
version/cisco staros/18.0.0.59211
version/cisco staros/18.0.l0.59219
version/cisco staros/18.1.0
version/cisco staros/18.1.0.59776
version/cisco staros/18.1.0.59780
version/cisco staros/18.1_base
version/cisco staros/18.3.0
version/cisco staros/18.3_base
version/cisco staros/18.4.0
version/cisco staros/19.0.1
version/cisco staros/19.0.m0.60737
version/cisco staros/19.0.m0.60828
version/cisco staros/19.0.m0.61045
version/cisco staros/19.1.0
version/cisco staros/19.1.0.61559
version/cisco staros/19.2.0
version/cisco staros/19.3.0
version/cisco staros/20.0.0
version/cisco staros/20.0.1.0
version/cisco staros/20.0.1.a0
version/cisco staros/20.0.1.v0
version/cisco staros/20.0.2.3
version/cisco staros/20.0.2.3.65026
version/cisco staros/20.0.2.v1
version/cisco staros/20.0.m0.62842
version/cisco staros/20.0.m0.63229
version/cisco staros/20.0.v0
version/cisco staros/21.0.0
version/cisco staros/21.0_base
version/cisco staros/21.0_m0.64246
version/cisco staros/21.0_m0.64702

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203