PT-2017-3406 · Cisco · Cisco Firepower Security

Published: 2017-11-01 · Updated: 2023-04-20 · CVE-2017-12277

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Security products running FX-OS versions 1.1.3 through 2.0.1

Description: The vulnerability is caused by insufficient input validation of certain Smart Licensing configuration parameters in the Smart Licensing Manager service. An authenticated, remote attacker could configure a malicious URL within the affected feature to inject arbitrary commands, which would then be executed with root privileges.

Recommendations: For versions 1.1.3, 1.1.4, and 2.0.1, consider disabling the Smart Licensing Manager service until a patch is available. Restrict access to the Smart Licensing configuration parameters to minimize the risk of arbitrary command execution, and configure only trusted, verified URLs within the affected feature. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

RCE

Weakness Enumeration

Related Identifiers

BDU:2018-00194
CVE-2017-12277

Affected Products

Cisco Firepower Security