CVE-2017-6795
Summary
| CVE | CVE-2017-6795 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-09-07 21:29:00 UTC |
| Updated | 2019-10-09 23:29:00 UTC |
| Description | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Asr-920-10sz-pd | - | All | All | All |
| Hardware | Cisco | Asr-920-10sz-pd | - | All | All | All |
| Hardware | Cisco | Asr-920-12cz-a | - | All | All | All |
| Hardware | Cisco | Asr-920-12cz-a | - | All | All | All |
| Hardware | Cisco | Asr-920-12sz-im | - | All | All | All |
| Hardware | Cisco | Asr-920-12sz-im | - | All | All | All |
| Hardware | Cisco | Asr-920-24sz-im | - | All | All | All |
| Hardware | Cisco | Asr-920-24sz-im | - | All | All | All |
| Hardware | Cisco | Asr-920-24sz-m | - | All | All | All |
| Hardware | Cisco | Asr-920-24sz-m | - | All | All | All |
| Hardware | Cisco | Asr-920-24tz-m | - | All | All | All |
| Hardware | Cisco | Asr-920-24tz-m | - | All | All | All |
| Hardware | Cisco | Asr-920-4sz-d | - | All | All | All |
| Hardware | Cisco | Asr-920-4sz-d | - | All | All | All |
| Hardware | Cisco | Asr 920-12cz-d | - | All | All | All |
| Hardware | Cisco | Asr 920-12cz-d | - | All | All | All |
| Hardware | Cisco | Asr 920-4sz-a | - | All | All | All |
| Hardware | Cisco | Asr 920-4sz-a | - | All | All | All |
| Operating System | Cisco | Ios Xe | - | All | All | All |
| Operating System | Cisco | Ios Xe | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IOS XE on ASR 920 Series Router Input Validation Flaw in USB Modem Command Lets Local Users Overwrite Files on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary File Overwrite Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.