CVE-2017-6708

CRITICAL

Cisco Ultra Services Framework < 5.0.2 - Unauthenticated Sensitive File Read via Symlink Creation

Title source: llm

Description

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99512

Scores

CVSS v3: 9.8
EPSS: 0.0146
EPSS Percentile: 70.3%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-200
Status: published
Products (2):
cisco/ultra_services_framework < 5.0.2
n/a/Cisco Ultra Services Framework Cisco Ultra Services Framework
Published: Jul 06, 2017
Tracked Since: Feb 18, 2026