RCE in Cisco StarOS

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenti…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (47.1th percentile).

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

  • Cisco StarOS — versions 11.0_base, 12.0.0, 12.1_base
  • N/a Cisco StarOS — versions Cisco StarOS

Frequently asked questions

What is CVE-2017-6707?
CVE-2017-6707 is a high-severity vulnerability in Cisco StarOS, classified under OS Command Injection. CVSS score: 8.2/10. Published 2017-07-06.

How severe is CVE-2017-6707?
High severity. The CVSS v3 base score is 8.2 out of 10.