PT-2017-1790 · Cisco · Cisco Unified Computing System (Ucs) Manager+2
Publicado
2017-04-07
·
Atualizado
2019-10-03
·
CVE-2017-6601
CVSS v3.1
7.1
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Computing System (UCS) Manager versions prior to 92.2(1.101)
Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions prior to 92.2(1.101)
Cisco Firepower 9300 Security Appliance versions prior to 92.2(1.101)
Description
A command injection attack is possible due to a vulnerability in the CLI of the affected systems, allowing an authenticated, local attacker to inject arbitrary commands. This issue is related to the lack of input validation measures.
Recommendations
For Cisco Unified Computing System (UCS) Manager version 2.0(1.68), update to version 92.2(1.101) or later.
For Cisco Unified Computing System (UCS) Manager version 3.1(1k)A, update to version 92.2(1.101) or later.
For Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions prior to 92.2(1.101), update to version 92.2(1.101) or later.
For Cisco Firepower 9300 Security Appliance versions prior to 92.2(1.101), update to version 92.2(1.101) or later.
Correção
OS Command Injection
Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance
Cisco Unified Computing System (Ucs) Manager