Lucene search

CiscoCVE-2017-6602

HistoryApr 07, 2017 - 5:59 p.m.

CVE-2017-6602

2017-04-0717:59:00

CWE-78

cisco

web.nvd.nist.gov

security

vulnerability

cisco

ucs manager

firepower

ngfw

command injection

cli

nvd

cve-2017-6602

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138).

Affected configurations

Nvd

Node

ciscofirepower_extensible_operating_systemMatch2.0\(1.68\)

ciscounified_computing_systemMatch3.1\(1k\)a

VendorProductVersionCPE
ciscofirepower_extensible_operating_system2.0(1.68)cpe:2.3:a:cisco:firepower_extensible_operating_system:2.0\(1.68\):*:*:*:*:*:*:*
ciscounified_computing_system3.1(1k)acpe:2.3:a:cisco:unified_computing_system:3.1\(1k\)a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firepower_extensible_operating_system	2.0(1.68)	cpe:2.3:a:cisco:firepower_extensible_operating_system:2.0\(1.68\):::::::*
cisco	unified_computing_system	3.1(1k)a	cpe:2.3:a:cisco:unified_computing_system:3.1\(1k\)a:::::::*

CNA Affected

[
  {
    "product": "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97472

www.securitytracker.com/id/1038197

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2

Social References

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for CVE-2017-6602