PT-2017-1790 · Cisco · Cisco Unified Computing System (Ucs) Manager+2
Published
2017-04-07
·
Updated
2019-10-03
·
CVE-2017-6601
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Computing System (UCS) Manager versions prior to 92.2(1.101)
Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions prior to 92.2(1.101)
Cisco Firepower 9300 Security Appliance versions prior to 92.2(1.101)
Description
A command injection attack is possible due to a vulnerability in the CLI of the affected systems, allowing an authenticated, local attacker to inject arbitrary commands. This issue is related to the lack of input validation measures.
Recommendations
For Cisco Unified Computing System (UCS) Manager version 2.0(1.68), update to version 92.2(1.101) or later.
For Cisco Unified Computing System (UCS) Manager version 3.1(1k)A, update to version 92.2(1.101) or later.
For Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions prior to 92.2(1.101), update to version 92.2(1.101) or later.
For Cisco Firepower 9300 Security Appliance versions prior to 92.2(1.101), update to version 92.2(1.101) or later.
Fix
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance
Cisco Unified Computing System (Ucs) Manager