CVE-2017-6667

CRITICAL

Cisco Context Service SDK - Unauthenticated Remote Code Execution via Dynamic JAR File Update

Title source: llm
STIX 2.1

Description

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98978

Scores

CVSS v3 9.8
EPSS 0.0484
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
cisco/context_service_development_kit 2.0
n/a/Cisco Context Service SDK Cisco Context Service SDK
Published Jun 13, 2017
Tracked Since Feb 18, 2026