Medium severity5.3NVD Advisory· Published Aug 17, 2017· Updated May 13, 2026

CVE-2017-6781

Description

A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0.

Affected products

Cisco Systems, Inc./Policy Suitev56 versions
9.0.0+ 5 more
- (no CPE)range: 9.0.0
- cpe:2.3:a:cisco:policy_suite:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:policy_suite:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:policy_suite:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:policy_suite:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:policy_suite:12.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100365nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpsnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000