CVE-2017-6708

CVE Database · CVE-2017-6708

CVE-2017-6708

· N/AModified

CVSS v3.1

N/A

EPSS

1.46%

Published

Jul 5, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.

Weaknesses (CWE)

CWE-200CWE-200

Affected Products (1)

cisco · ultra_services_frameworkvulnerable

References (4)

http://www.securityfocus.com/bid/99512

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1

Vendor Advisory

http://www.securityfocus.com/bid/99512

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs