====================================================================
                          CERT-Renater
              Information Note No. 2017/VULN205
_____________________________________________________________________

DATE                 : 06/07/2017

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Cisco Ultra Services Framework
                       Staging Server.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3
____________________________________________________________________

Cisco Security Advisory: Cisco Ultra Services Framework Staging Server
Arbitrary Command Execution Vulnerability

Advisory ID: cisco-sa-20170705-usf3

Revision: 1.0

For Public Release: 2017 July 5 16:00 GMT

Last Updated: 2017 July 5 16:00 GMT

CVE ID(s): CVE-2017-6714

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the AutoIT service of Cisco Ultra Services Framework
Staging Server could allow an unauthenticated, remote attacker to execute
arbitrary shell commands as the Linux root user.

The vulnerability is due to improper shell invocations. An attacker could
exploit this vulnerability by crafting CLI command inputs to execute Linux
shell commands as the root user. An exploit could allow the attacker to
execute arbitrary shell commands as the Linux root user.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3

==========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44             +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41             +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================