CVE-2017-6597

Name of the Vulnerable Software and Affected Versions Cisco Unified Computing System (UCS) Manager versions prior to 2.0(1.115) Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) versions prior to 92.2(1.101) Cisco Firepower 9300 Security Appliance versions prior to 92.1(1.1658)

Description A command injection vulnerability exists in the local-mgmt CLI command of the affected systems, allowing an authenticated, local attacker to inject arbitrary commands. This could be exploited due to insufficient neutralization of special elements used in the operating system command.

Recommendations For Cisco Unified Computing System (UCS) Manager version 2.0(1.68), update to version 2.0(1.115) or later. For Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) version 3.1(1k)A, update to version 92.2(1.101) or later. For Cisco Firepower 9300 Security Appliance, update to version 92.1(1.1658) or later.