CVE-2017-6690
MEDIUMCisco ASR 5000 Series StarOS - Authenticated Arbitrary File Write via File Check Operation
Title source: llmDescription
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98998
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038634
Scores
CVSS v3
4.9
EPSS
0.0128
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (3)
cisco/asr_5000_software
21.0.v0.65839
cisco/asr_5000_software
21.3.m0.67005
n/a/Cisco StarOS
Cisco StarOS
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026