NVD

Id
85954  
Name
CVE-2017-6623  
Description
A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-05-27  
Published
2017-05-18  
Modified Date
2017-05-25  
Seq
2017-6623  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
422598 85954 CVE-2017-0354 http://nvidia.custhelp.com/app/answers/detail/a_id/4462  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67829 JVNDB-2017-004118 アプライアンス用 Cisco Policy Suite ソフトウェア配布の一部としてインストールされたスクリプトファイルにおける特権レベルを root に昇格される脆弱性 アプライアンス用 Cisco Policy Suite (CPS) ソフトウェア配布の一部としてインストールされたスクリプトファイルには、特権レベルを root に昇格される脆弱性が存在します。 CVE-2017-6623 0 CVE-2017-6623 85954 7.2 7.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004118.html 2017-05-17 2017-06-16 View