Command Injection Vulnerability in Cisco Unified Computing System Manager and Firepower Appliances
CVE-2017-6602

4.4 MEDIUM

Summary

A command injection vulnerability exists within the CLI of Cisco Unified Computing System (UCS) Manager and Firepower appliances. An authenticated local attacker could exploit this flaw to execute arbitrary commands on the underlying operating system with the privileges of the affected application. Specially crafted input could be sent to the affected system, leading to potential unauthorized access or system compromise. This vulnerability affects multiple versions of the UCS Manager and certain releases of Cisco Firepower 4100 and 9300 series appliances, necessitating prompt remediation to safeguard system integrity.

Affected Version(s)

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
