Details of VAR-201704-1335

ID

VAR-201704-1335

CVE

CVE-2017-6597

TITLE

Cisco Unified Computing System Manager and Firepower Product local-mgmt CLI In command OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003065

DESCRIPTION

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). Vendors have confirmed this vulnerability Bug ID CSCvb61394 and CSCvb86816 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Cisco Unified Computing System Manager is a set of embedded device management software. The Cisco Firepower 9300 Security Appliance is a security device from Cisco. A local attacker can exploit the vulnerability to execute arbitrary commands. This issue being tracked by Cisco Bug ID's CSCvb61394 and CSCvb86816. local-mgmt CLI is one of the command-line programs

Trust: 2.52

sources: NVD: CVE-2017-6597 // JVNDB: JVNDB-2017-003065 // CNVD: CNVD-2017-05212 // BID: 97476 // VULHUB: VHN-114800

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05212

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	2.0\(1.68\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.1\(1k\)a	Trust: 1.6
vendor:	cisco	model:	unified computing system manager	scope:	eq	version:	0	Trust: 0.9
vendor:	cisco	model:	unified computing system 3.1 a	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	firepower series	scope:	eq	version:	90002.0(1.68)	Trust: 0.9
vendor:	cisco	model:	firepower extensible operating system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower series next-generation firewall	scope:	eq	version:	4100	Trust: 0.6
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	9300	Trust: 0.6
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series next-generation firewall	scope:	eq	version:	41000	Trust: 0.3

sources: CNVD: CNVD-2017-05212 // BID: 97476 // JVNDB: JVNDB-2017-003065 // CNNVD: CNNVD-201704-433 // NVD: CVE-2017-6597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6597
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6597
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-05212
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-433
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114800
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6597
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-05212
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114800
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6597
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-05212 // VULHUB: VHN-114800 // JVNDB: JVNDB-2017-003065 // CNNVD: CNNVD-201704-433 // NVD: CVE-2017-6597

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-114800 // JVNDB: JVNDB-2017-003065 // NVD: CVE-2017-6597

THREAT TYPE

local

Trust: 0.9

sources: BID: 97476 // CNNVD: CNNVD-201704-433

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201704-433

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003065

PATCH

title:	cisco-sa-20170405-cli	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli	Trust: 0.8
title:	Patches for multiple Cisco product local command execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/92530	Trust: 0.6
title:	Multiple Cisco product local-mgmt CLI Fix actions for commanding operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73815	Trust: 0.6

sources: CNVD: CNVD-2017-05212 // JVNDB: JVNDB-2017-003065 // CNNVD: CNNVD-201704-433

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6597	Trust: 3.4
db:	BID	id:	97476	Trust: 2.0
db:	SECTRACK	id:	1038195	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-003065	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-433	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05212	Trust: 0.6
db:	NSFOCUS	id:	36338	Trust: 0.6
db:	VULHUB	id:	VHN-114800	Trust: 0.1

sources: CNVD: CNVD-2017-05212 // VULHUB: VHN-114800 // BID: 97476 // JVNDB: JVNDB-2017-003065 // CNNVD: CNNVD-201704-433 // NVD: CVE-2017-6597

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cli	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6597	Trust: 1.4
url:	http://www.securityfocus.com/bid/97476	Trust: 1.1
url:	http://www.securitytracker.com/id/1038195	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6597	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36338	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-05212 // VULHUB: VHN-114800 // BID: 97476 // JVNDB: JVNDB-2017-003065 // CNNVD: CNNVD-201704-433 // NVD: CVE-2017-6597

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97476

SOURCES

db:	CNVD	id:	CNVD-2017-05212
db:	VULHUB	id:	VHN-114800
db:	BID	id:	97476
db:	JVNDB	id:	JVNDB-2017-003065
db:	CNNVD	id:	CNNVD-201704-433
db:	NVD	id:	CVE-2017-6597

LAST UPDATE DATE

2024-11-23T22:26:47.011000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05212	date:	2017-04-24T00:00:00
db:	VULHUB	id:	VHN-114800	date:	2017-07-12T00:00:00
db:	BID	id:	97476	date:	2017-04-11T02:20:00
db:	JVNDB	id:	JVNDB-2017-003065	date:	2017-05-12T00:00:00
db:	CNNVD	id:	CNNVD-201704-433	date:	2017-08-31T00:00:00
db:	NVD	id:	CVE-2017-6597	date:	2024-11-21T03:30:05.190

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05212	date:	2017-04-24T00:00:00
db:	VULHUB	id:	VHN-114800	date:	2017-04-07T00:00:00
db:	BID	id:	97476	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-003065	date:	2017-05-12T00:00:00
db:	CNNVD	id:	CNNVD-201704-433	date:	2017-04-07T00:00:00
db:	NVD	id:	CVE-2017-6597	date:	2017-04-07T17:59:00.543