PT-2017-1794 · Cisco · Cisco Unified Computing System (Ucs) Manager+2

Publicado

2017-04-07

·

Atualizado

2017-07-12

·

CVE-2017-6597

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Cisco Unified Computing System (UCS) Manager versions prior to 2.0(1.115) Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions prior to 92.2(1.101) Cisco Firepower 9300 Security Appliance versions prior to 92.1(1.1658)
Description A command injection vulnerability exists in the local-mgmt CLI command of the affected systems, allowing an authenticated, local attacker to inject arbitrary commands. This could be exploited due to insufficient neutralization of special elements used in the operating system command.
Recommendations For Cisco Unified Computing System (UCS) Manager version 2.0(1.68), update to version 2.0(1.115) or later. For Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) version 3.1(1k)A, update to version 92.2(1.101) or later. For Cisco Firepower 9300 Security Appliance, update to version 92.1(1.1658) or later.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2017-00950
CVE-2017-6597

Produtos afetados

Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance
Cisco Unified Computing System (Ucs) Manager