How severe is CVE-2017-6707?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2017-6707?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2017-6707

HIGH Year: 2017

CVSS v3 Score

8.2

High

CVSS v2 Score

7.2

High

Weakness Type

CWE-78

View all →

Vulnerability Description

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.

CVE-2017-11322

HIGH

CVSS:8.2(High)

The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.

CWE-782017

CVE-2018-3969

HIGH

CVSS:8.2(High)

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and...

CWE-782018

CVE-2019-10799

HIGH

CVSS:8.2(High)

compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization.

CWE-782019

CVE-2021-21809

HIGH

CVSS:8.2(High)

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have admi...

CWE-782021

CVE-2021-23012

HIGH

CVSS:8.2(High)

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow u...

CWE-782021

CVE-2021-28634

HIGH

CVSS:8.2(High)

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Comm...

CWE-782021

CVE-2017-6707

Vulnerability Description

Related Vulnerabilities

CVE-2017-11322

CVE-2018-3969

CVE-2019-10799

CVE-2021-21809

CVE-2021-23012

CVE-2021-28634