PT-2017-1793 · Cisco · Cisco Firepower Extensible Operating System+2
Published
2017-04-07
·
Updated
2019-10-03
·
CVE-2017-6598
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Firepower Extensible Operating System versions prior to 92.2(1.105)
Cisco Unified Computing System Central versions prior to 2.1(1.69)
Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions 2.0(1.68) through 3.1(1k)A
Description
The issue is related to insufficient access control in the debug plug-in functionality of the affected systems, which could allow an authenticated, local attacker to execute arbitrary commands. This is a privilege escalation issue.
Recommendations
For Cisco Firepower Extensible Operating System versions prior to 92.2(1.105), update to version 92.2(1.105) or later.
For Cisco Unified Computing System Central versions prior to 2.1(1.69), update to version 2.1(1.69) or later.
For Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions 2.0(1.68) through 3.1(1k)A, update to a fixed release.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower Extensible Operating System
Cisco Unified Computing System Central