PT-2017-16111 · Cisco · Cisco Firepower 9300 Security Appliance+1
Published
2017-02-03
·
Updated
2017-02-27
·
CVE-2017-3806
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance version 2.0(1.68)
Description
A vulnerability in CLI command processing could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.
Recommendations
For version 2.0(1.68), update to version 2.0(1.118) or later to resolve the issue.
For versions prior to 2.1(1.47), update to version 2.1(1.47) or later to resolve the issue.
For versions 92.1 prior to (1.1646), update to version 92.1(1.1646) or later to resolve the issue.
For versions 92.1 prior to (1.1763), update to version 92.1(1.1763) or later to resolve the issue.
For versions 92.2 prior to (1.101), update to version 92.2(1.101) or later to resolve the issue.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance