ID

VAR-201704-1338


CVE

CVE-2017-6600


TITLE

Cisco Unified Computing System Manager and Firepower Product CLI Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003067

DESCRIPTION

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. The vendor has published this vulnerability as Bug IDs CSCvb61351 and CSCvb61637. Information may be obtained or altered, and an attack that disrupts service operation (DoS) may be carried out. Multiple Cisco products are prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary shell commands. This issue is being tracked by Cisco Bug IDs CSCvb61351 and CSCvb61637.

Trust: 1.98

sources: NVD: CVE-2017-6600 // JVNDB: JVNDB-2017-003067 // BID: 97439 // VULHUB: VHN-114803

AFFECTED PRODUCTS

vendor: cisco, model: firepower extensible operating system, scope: eq, version: 2.0\(1.68\)

Trust: 1.6

vendor: cisco, model: unified computing system, scope: eq, version: 3.1\(1k\)a

Trust: 1.6

vendor: cisco, model: firepower extensible operating system, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system manager, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: unified computing system 3.1 a, scope: -, version: -

Trust: 0.3

vendor: cisco, model: firepower security appliance, scope: eq, version: 93000

Trust: 0.3

vendor: cisco, model: firepower series, scope: eq, version: 90002.0(1.68)

Trust: 0.3

vendor: cisco, model: firepower series next-generation firewall, scope: eq, version: 41000

Trust: 0.3

vendor: cisco, model: firepower series, scope: ne, version: 900092.2(1.101)

Trust: 0.3

vendor: cisco, model: firepower series, scope: ne, version: 90002.0(1.82)

sources: BID: 97439 // JVNDB: JVNDB-2017-003067 // CNNVD: CNNVD-201704-430 // NVD: CVE-2017-6600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6600
value: HIGH

Trust: 1.0

NVD: CVE-2017-6600
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-430
value: HIGH

Trust: 0.6

VULHUB: VHN-114803
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6600
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114803
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6600
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114803 // JVNDB: JVNDB-2017-003067 // CNNVD: CNNVD-201704-430 // NVD: CVE-2017-6600

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-114803 // JVNDB: JVNDB-2017-003067 // NVD: CVE-2017-6600

THREAT TYPE

local

Trust: 0.9

sources: BID: 97439 // CNNVD: CNNVD-201704-430

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201704-430

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003067

PATCH

title: cisco-sa-20170405-ucs1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1

Trust: 0.8

title: Multiple Cisco Product Command Injection Vulnerability Fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73813

Trust: 0.6

sources: JVNDB: JVNDB-2017-003067 // CNNVD: CNNVD-201704-430

EXTERNAL IDS

db: NVD, id: CVE-2017-6600

Trust: 2.8

db: BID, id: 97439

Trust: 2.0

db: SECTRACK, id: 1038199

Trust: 1.7

db: JVNDB, id: JVNDB-2017-003067

Trust: 0.8

db: CNNVD, id: CNNVD-201704-430

Trust: 0.7

db: VULHUB, id: VHN-114803

Trust: 0.1

sources: VULHUB: VHN-114803 // BID: 97439 // JVNDB: JVNDB-2017-003067 // CNNVD: CNNVD-201704-430 // NVD: CVE-2017-6600

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ucs1

Trust: 2.0

url:http://www.securityfocus.com/bid/97439

Trust: 1.7

url:http://www.securitytracker.com/id/1038199

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6600

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6600

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114803 // BID: 97439 // JVNDB: JVNDB-2017-003067 // CNNVD: CNNVD-201704-430 // NVD: CVE-2017-6600

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97439

SOURCES

db: VULHUB, id: VHN-114803
db: BID, id: 97439
db: JVNDB, id: JVNDB-2017-003067
db: CNNVD, id: CNNVD-201704-430
db: NVD, id: CVE-2017-6600

LAST UPDATE DATE

2024-11-23T22:49:06.206000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114803, date: 2019-10-03T00:00:00
db: BID, id: 97439, date: 2017-04-11T00:03:00
db: JVNDB, id: JVNDB-2017-003067, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-430, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6600, date: 2024-11-21T03:30:05.563

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114803, date: 2017-04-07T00:00:00
db: BID, id: 97439, date: 2017-04-05T00:00:00
db: JVNDB, id: JVNDB-2017-003067, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-430, date: 2017-04-07T00:00:00
db: NVD, id: CVE-2017-6600, date: 2017-04-07T17:59:00.637