Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-12243

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.

Published

2017-11-02T16:29:00.193

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-78
  • Type: Primary
    CWE-78
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco unified_computing_system_manager_firmware - Yes
Hardware cisco unified_computing_system_manager - No
Operating System cisco firepower_9300_security_appliance_firmware - Yes
Hardware cisco firepower_9300_security_appliance - No
Operating System cisco firepower_4100_next-generation_firewall_firmware - Yes
Hardware cisco firepower_4110_next-generation_firewall - No
Hardware cisco firepower_4120_next-generation_firewall - No
Hardware cisco firepower_4140_next-generation_firewall - No
Hardware cisco firepower_4150_next-generation_firewall - No
References