Home Unlabelled Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability

Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability

By
Wednesday, July 05, 2017
Read
Add Comment
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.

The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2uqqTS3 A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.

The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2uqqTS3
Security Impact Rating: High
CVE: CVE-2017-6708

from Cisco Security Advisory http://ift.tt/2uqqTS3
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us