Command Injection Vulnerability in Cisco UCS Manager and Firepower Series
CVE-2017-6600

7.8HIGH

Key Information:

Vendor

Cisco
Status
Cisco Ucs Manager, Cisco Firepower 4100 Series Ngfw, And Cisco Firepower 9300 Security Appliance
Vendor
CVE Published:
7 April 2017

What is CVE-2017-6600?

The CLI of Cisco Unified Computing System (UCS) Manager and Cisco Firepower 4100 and 9300 Series appliances has a vulnerability that enables an authenticated local attacker to perform command injection. This weakness could lead to unauthorized execution of arbitrary commands within the affected systems. Versions up to Cisco UCS Manager 2.0(1.68) and Firepower 3.1(1k)A are impacted, emphasizing the need for immediate updates to resolved versions for security.

Affected Version(s)

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance

References

http://www.securitytracker.com/id/1038199
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97439
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.