The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. A successful exploit could allow the attacker to break from the StarOS CLI and execute arbitrary commands on the affected system as a Linux root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2thbhSF
The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. A successful exploit could allow the attacker to break from the StarOS CLI and execute arbitrary commands on the affected system as a Linux root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2thbhSF
Security Impact Rating: High
CVE: CVE-2017-6707
from Cisco Security Advisory http://ift.tt/2thbhSF
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.