Remote Command Injection Vulnerability in Cisco Firepower Devices
CVE-2017-12277

8.8HIGH

Key Information:

Vendor

Cisco
Status
Cisco Firepower 4100 Series Ngfw And Firepower 9300 Security Appliance
Vendor
CVE Published:
2 November 2017

What is CVE-2017-12277?

A significant vulnerability has been identified in the Smart Licensing Manager service of Cisco's Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. This issue stems from inadequate input validation on certain Smart Licensing configuration parameters, allowing an authenticated remote attacker to inject and execute arbitrary commands with root privileges. By configuring a malicious URL within the affected service, an attacker may exploit this vulnerability. This incomplete validation creates a high risk for systems running specific FX-OS code versions. Mitigation strategies should be employed promptly to address this vulnerability and secure affected devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance

References

http://www.securityfocus.com/bid/101661
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.