Arbitrary Code Execution Vulnerability in Cisco FireSIGHT System Software
CVE-2017-6735

6.7MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Firesight System Software
Vendor
CVE Published:
10 July 2017

Summary

A vulnerability exists in the backup and restore functions of Cisco FireSIGHT System Software that permits an authenticated local attacker to execute arbitrary code on the system. This flaw can be exploited under specific conditions by leveraging improper validation within these functionalities, potentially compromising the integrity and confidentiality of the affected system.

Affected Version(s)

Cisco FireSIGHT System Software Cisco FireSIGHT System Software

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038826
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99460
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.