VAR-201709-1173
Vulnerability from variot - Updated: 2025-04-20 23:25A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830. Vendors have confirmed this vulnerability Bug ID CSCvf53830 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "meeting server",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "2.0.2"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.16"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.13"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.1.3"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.15"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.10"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.11"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.1.2"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.14"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.12"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.0.7"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.1"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.5"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.7"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.4"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.9"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.8"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.9"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.8"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.5"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.4"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.6"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.10"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.0"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.11"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.0"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.6"
},
{
"model": "meeting server",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "100464"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
},
{
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:meeting_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "100464"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6794",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6794",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-114997",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-6794",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6794",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6794",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-527",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114997",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114997"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
},
{
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830. Vendors have confirmed this vulnerability Bug ID CSCvf53830 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6794"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "BID",
"id": "100464"
},
{
"db": "VULHUB",
"id": "VHN-114997"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6794",
"trust": 2.8
},
{
"db": "BID",
"id": "100464",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039245",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-114997",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114997"
},
{
"db": "BID",
"id": "100464"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
},
{
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"id": "VAR-201709-1173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114997"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:25:56.975000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170823-cms",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms"
},
{
"title": "Cisco Meeting Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99678"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
},
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114997"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170823-cms"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/100464"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039245"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6794"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6794"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114997"
},
{
"db": "BID",
"id": "100464"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
},
{
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114997"
},
{
"db": "BID",
"id": "100464"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
},
{
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-114997"
},
{
"date": "2017-08-23T00:00:00",
"db": "BID",
"id": "100464"
},
{
"date": "2017-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"date": "2017-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-527"
},
{
"date": "2017-09-07T21:29:00.910000",
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114997"
},
{
"date": "2017-08-23T00:00:00",
"db": "BID",
"id": "100464"
},
{
"date": "2017-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007832"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-527"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6794"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "100464"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Meeting Server Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-527"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…