CVE-2017-6714
CRITICAL
Cisco Ultra Services Framework Staging Server <5.0.3-5.1 - RCE
Title source: llm
Description
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99436
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3
Scores
CVSS v3
9.8
EPSS
0.0420
EPSS Percentile
89.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
cisco/ultra_services_framework_staging_server
< 5.0.2
n/a/Cisco Ultra Services Framework
Cisco Ultra Services Framework
Published
Jul 06, 2017
Tracked Since
Feb 18, 2026