What is the severity of CVE-2017-6794?

The severity of CVE-2017-6794 is classified as critical.

How do I fix CVE-2017-6794?

To fix CVE-2017-6794, it is recommended to upgrade to the latest patched version of Cisco Meeting Server.

Who is affected by CVE-2017-6794?

Any authenticated user with administrator credentials on affected versions of Cisco Meeting Server can exploit CVE-2017-6794.

What versions are impacted by CVE-2017-6794?

CVE-2017-6794 affects Cisco Meeting Server versions 2.0.0 to 2.2.0.

What types of attacks can CVE-2017-6794 facilitate?

CVE-2017-6794 can facilitate command injection attacks, allowing privilege escalation to root.

Vulnerability/
CVE-2017-6794

high

7.2

CWE

20 77

7/9/2017

5/8/2024

CVE-2017-6794: Input Validation

First published: Thu Sep 07 2017(Updated: )

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Meeting Server	=2.0.0
Cisco Meeting Server	=2.0.1
Cisco Meeting Server	=2.0.2
Cisco Meeting Server	=2.0.3
Cisco Meeting Server	=2.0.4
Cisco Meeting Server	=2.0.5
Cisco Meeting Server	=2.0.6
Cisco Meeting Server	=2.0.7
Cisco Meeting Server	=2.0.8
Cisco Meeting Server	=2.0.9
Cisco Meeting Server	=2.0.10
Cisco Meeting Server	=2.0.11
Cisco Meeting Server	=2.0.12
Cisco Meeting Server	=2.0.13
Cisco Meeting Server	=2.0.14
Cisco Meeting Server	=2.0.15
Cisco Meeting Server	=2.0.16
Cisco Meeting Server	=2.1.0
Cisco Meeting Server	=2.1.1
Cisco Meeting Server	=2.1.2
Cisco Meeting Server	=2.1.3
Cisco Meeting Server	=2.1.4
Cisco Meeting Server	=2.1.5
Cisco Meeting Server	=2.1.6
Cisco Meeting Server	=2.1.7
Cisco Meeting Server	=2.1.8
Cisco Meeting Server	=2.1.9
Cisco Meeting Server	=2.1.10
Cisco Meeting Server	=2.1.11
Cisco Meeting Server	=2.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6794?
The severity of CVE-2017-6794 is classified as critical.
How do I fix CVE-2017-6794?
To fix CVE-2017-6794, it is recommended to upgrade to the latest patched version of Cisco Meeting Server.
Who is affected by CVE-2017-6794?
Any authenticated user with administrator credentials on affected versions of Cisco Meeting Server can exploit CVE-2017-6794.
What versions are impacted by CVE-2017-6794?
CVE-2017-6794 affects Cisco Meeting Server versions 2.0.0 to 2.2.0.
What types of attacks can CVE-2017-6794 facilitate?
CVE-2017-6794 can facilitate command injection attacks, allowing privilege escalation to root.

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/references
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/trending
agent/tags
agent/source
vendor/cisco
canonical/cisco meeting server
version/cisco meeting server/2.0.0
version/cisco meeting server/2.0.1
version/cisco meeting server/2.0.2
version/cisco meeting server/2.0.3
version/cisco meeting server/2.0.4
version/cisco meeting server/2.0.5
version/cisco meeting server/2.0.6
version/cisco meeting server/2.0.7
version/cisco meeting server/2.0.8
version/cisco meeting server/2.0.9
version/cisco meeting server/2.0.10
version/cisco meeting server/2.0.11
version/cisco meeting server/2.0.12
version/cisco meeting server/2.0.13
version/cisco meeting server/2.0.14
version/cisco meeting server/2.0.15
version/cisco meeting server/2.0.16
version/cisco meeting server/2.1.0
version/cisco meeting server/2.1.1
version/cisco meeting server/2.1.2
version/cisco meeting server/2.1.3
version/cisco meeting server/2.1.4
version/cisco meeting server/2.1.5
version/cisco meeting server/2.1.6
version/cisco meeting server/2.1.7
version/cisco meeting server/2.1.8
version/cisco meeting server/2.1.9
version/cisco meeting server/2.1.10
version/cisco meeting server/2.1.11
version/cisco meeting server/2.2.0

CVE-2017-6794: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6794?

How do I fix CVE-2017-6794?

Who is affected by CVE-2017-6794?

What versions are impacted by CVE-2017-6794?

What types of attacks can CVE-2017-6794 facilitate?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-6794?

How do I fix CVE-2017-6794?

Who is affected by CVE-2017-6794?

What versions are impacted by CVE-2017-6794?

What types of attacks can CVE-2017-6794 facilitate?