QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-6708

Back to search

CVE-2017-6708

Published: Jul 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.

VendorProductVersions

n/a

Cisco Ultra Services Framework

affected
Cisco Ultra Services Framework

Weaknesses (CWE)

CWE-200

References

99512
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now