CVE-2017-6667
CRITICALCisco Context Service SDK - Unauthenticated Remote Code Execution via Dynamic JAR File Update
Title source: llmDescription
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ccs
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98978
Scores
CVSS v3
9.8
EPSS
0.0484
EPSS Percentile
90.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
cisco/context_service_development_kit
2.0
n/a/Cisco Context Service SDK
Cisco Context Service SDK
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026