RCE in Cisco Meeting_server
CVE-2017-6794
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the applicatio…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.008 (53.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cisco Meeting_server — versions 2.0.0, 2.0.1, 2.0.2
- N/a Cisco Meeting Server — versions Cisco Meeting Server
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2017-6794?
- CVE-2017-6794 is a medium-severity vulnerability in Cisco Meeting_server, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2017-09-07.
- How severe is CVE-2017-6794?
- Medium severity. CVSS v3 base score is 6.7 out of 10.