A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.
The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2uqqTS3 A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.
The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2uqqTS3
Security Impact Rating: High
CVE: CVE-2017-6708
from Cisco Security Advisory http://ift.tt/2uqqTS3
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.