Vulnerability Details : CVE-2017-6794
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830.
Vulnerability category: Input validation
Products affected by CVE-2017-6794
- cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:meeting_server:2.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6794
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6794
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
6.7
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2017-6794
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6794
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms
Cisco Meeting Server Command Injection and Privilege Escalation VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1039245
Cisco Meeting Server CLI Input Validation Flaw Lets Local Users Obtain Root Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/100464
Cisco Meeting Server CVE-2017-6794 Local Command Injection and Privilege Escalation VulnerabilitiesThird Party Advisory;VDB Entry
Jump to