CVE-2017-6714

CRITICAL

Cisco Ultra Services Framework Staging Server <5.0.3-5.1 - RCE

Title source: llm

Description

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99436

Scores

CVSS v3 9.8
EPSS 0.0420
EPSS Percentile 89.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
cisco/ultra_services_framework_staging_server < 5.0.2
n/a/Cisco Ultra Services Framework Cisco Ultra Services Framework
Published Jul 06, 2017
Tracked Since Feb 18, 2026