Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Policy Suite by Cisco Systems, Inc.

    CVE-2017-6781 (GCVE-0-2017-6781)

    Vulnerability from nvd – Published: 2017-08-17 20:00 – Updated: 2024-09-17 02:15
    VLAI
    Summary
    A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100365 vdb-entryx_refsource_BID
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Policy Suite Affected: 9.0.0
    Affected: 9.1.0
    Affected: 10.0.0
    Affected: 11.0.0
    Affected: 12.0.0
    Create a notification for this product.
    Date Public
    2017-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:41:17.326Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100365",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100365"
              },
              {
                "name": "20170816 Cisco Policy Suite Privilege Escalation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Policy Suite",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.0"
                },
                {
                  "status": "affected",
                  "version": "9.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                }
              ]
            }
          ],
          "datePublic": "2017-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-18T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "100365",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100365"
            },
            {
              "name": "20170816 Cisco Policy Suite Privilege Escalation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2017-08-16T00:00:00",
              "ID": "CVE-2017-6781",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Policy Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.0.0"
                              },
                              {
                                "version_value": "9.1.0"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "11.0.0"
                              },
                              {
                                "version_value": "12.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco Systems, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100365",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100365"
                },
                {
                  "name": "20170816 Cisco Policy Suite Privilege Escalation Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-6781",
        "datePublished": "2017-08-17T20:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:15:39.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6781 (GCVE-0-2017-6781)

    Vulnerability from cvelistv5 – Published: 2017-08-17 20:00 – Updated: 2024-09-17 02:15
    VLAI
    Summary
    A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100365 vdb-entryx_refsource_BID
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Policy Suite Affected: 9.0.0
    Affected: 9.1.0
    Affected: 10.0.0
    Affected: 11.0.0
    Affected: 12.0.0
    Create a notification for this product.
    Date Public
    2017-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:41:17.326Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100365",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100365"
              },
              {
                "name": "20170816 Cisco Policy Suite Privilege Escalation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Policy Suite",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.0"
                },
                {
                  "status": "affected",
                  "version": "9.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "12.0.0"
                }
              ]
            }
          ],
          "datePublic": "2017-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-18T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "100365",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100365"
            },
            {
              "name": "20170816 Cisco Policy Suite Privilege Escalation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2017-08-16T00:00:00",
              "ID": "CVE-2017-6781",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Policy Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.0.0"
                              },
                              {
                                "version_value": "9.1.0"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "11.0.0"
                              },
                              {
                                "version_value": "12.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco Systems, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100365",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100365"
                },
                {
                  "name": "20170816 Cisco Policy Suite Privilege Escalation Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-6781",
        "datePublished": "2017-08-17T20:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:15:39.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }