Sign-up

ID

VAR-201704-1336


CVE

CVE-2017-6598


TITLE

Cisco Unified Computing System Manager and Firepower Vulnerabilities related to authorization, authority, and access control in the product debug plug-in function

Trust: 0.8

sources: JVNDB: JVNDB-2017-003066

DESCRIPTION

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). Vendors have confirmed this vulnerability Bug ID CSCvb86725 and CSCvb86797 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Cisco Products are prone to a local privilege-escalation vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands as root. This issue is being tracked by Cisco Bug ID's CSCvb86725 and CSCvb86797. There are privilege escalation vulnerabilities in the debugging plug-in function of several Cisco products

Trust: 1.98

sources: NVD: CVE-2017-6598 // JVNDB: JVNDB-2017-003066 // BID: 97429 // VULHUB: VHN-114801

AFFECTED PRODUCTS

vendor:ciscomodel:firepower extensible operating systemscope:eqversion:2.0\(1.68\)

Trust: 1.6

vendor:ciscomodel:unified computing systemscope:eqversion:3.1\(1k\)a

Trust: 1.6

vendor:ciscomodel:firepower extensible operating systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system 3.1 ascope: - version: -

Trust: 0.3

vendor:ciscomodel:firepower security appliancescope:eqversion:93000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:eqversion:90002.0(1.68)

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:neversion:900092.2(1.105)

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:neversion:900092.1(1.1733)

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:neversion:90002.1(1.69)

Trust: 0.3

sources: BID: 97429 // JVNDB: JVNDB-2017-003066 // CNNVD: CNNVD-201704-432 // NVD: CVE-2017-6598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6598
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6598
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-432
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114801
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6598
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114801
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6598
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114801 // JVNDB: JVNDB-2017-003066 // CNNVD: CNNVD-201704-432 // NVD: CVE-2017-6598

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-114801 // JVNDB: JVNDB-2017-003066 // NVD: CVE-2017-6598

THREAT TYPE

local

Trust: 0.9

sources: BID: 97429 // CNNVD: CNNVD-201704-432

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201704-432

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003066

PATCH
title:cisco-sa-20170405-ucsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs
Trust: 0.8
title:Multiple Cisco Product Privilege License and Access Control Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73814
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-003066 // 
            
            
            
            CNNVD: CNNVD-201704-432

EXTERNAL IDS
db:NVDid:CVE-2017-6598
Trust: 2.8
db:BIDid:97429
Trust: 2.0
db:SECTRACKid:1038198
Trust: 1.7
db:JVNDBid:JVNDB-2017-003066
Trust: 0.8
db:CNNVDid:CNNVD-201704-432
Trust: 0.7
db:VULHUBid:VHN-114801
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114801 // 
            
            
            
            BID: 97429 // 
            
            
            
            JVNDB: JVNDB-2017-003066 // 
            
            
            
            CNNVD: CNNVD-201704-432 // 
            
            
            
            NVD: CVE-2017-6598

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ucs
Trust: 2.0
url:http://www.securityfocus.com/bid/97429
Trust: 1.7
url:http://www.securitytracker.com/id/1038198
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6598
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6598
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114801 // 
            
            
            
            BID: 97429 // 
            
            
            
            JVNDB: JVNDB-2017-003066 // 
            
            
            
            CNNVD: CNNVD-201704-432 // 
            
            
            
            NVD: CVE-2017-6598

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97429

SOURCES
db:VULHUBid:VHN-114801
db:BIDid:97429
db:JVNDBid:JVNDB-2017-003066
db:CNNVDid:CNNVD-201704-432
db:NVDid:CVE-2017-6598

LAST UPDATE DATE
2024-11-23T21:54:07.490000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114801date:2019-10-03T00:00:00
db:BIDid:97429date:2017-04-11T00:03:00
db:JVNDBid:JVNDB-2017-003066date:2017-05-12T00:00:00
db:CNNVDid:CNNVD-201704-432date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6598date:2024-11-21T03:30:05.317

SOURCES RELEASE DATE
db:VULHUBid:VHN-114801date:2017-04-07T00:00:00
db:BIDid:97429date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-003066date:2017-05-12T00:00:00
db:CNNVDid:CNNVD-201704-432date:2017-04-07T00:00:00
db:NVDid:CVE-2017-6598date:2017-04-07T17:59:00.577