Sign-up

ID

VAR-201711-0299


CVE

CVE-2017-12243


TITLE

plural Cisco Command injection vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2017-009834

DESCRIPTION

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078. Vendors have confirmed this vulnerability Bug ID CSCvf20741 and CSCvf60078 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Unified Computing System (UCS) Manager and other products are products of Cisco. The Cisco Unified Computing System (UCS) Manager is a set of embedded device management software. A command injection vulnerability exists in several Cisco products that stems from a program failing to properly validate strings entered in a shell application. Multiple Cisco Products are prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2017-12243 // JVNDB: JVNDB-2017-009834 // CNVD: CNVD-2017-32918 // BID: 101652 // VULHUB: VHN-102746

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32918

AFFECTED PRODUCTS

vendor:ciscomodel:firepower 9300 security appliancescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:firepower 4100 next-generation firewallscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system managerscope: - version: -

Trust: 1.4

vendor:ciscomodel:firepower 4100 series next-generation firewallscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower 9300 security appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower series next-generation firewallscope:eqversion:4100

Trust: 0.6

vendor:ciscomodel:firepower security appliancescope:eqversion:9300

Trust: 0.6

vendor:ciscomodel:unified computing system 3.2scope:neversion: -

Trust: 0.6

vendor:ciscomodel:unified computing system managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified computing system 3.1 ascope: - version: -

Trust: 0.3

vendor:ciscomodel:firepower security appliancescope:eqversion:93000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:eqversion:90001.1(3.52)

Trust: 0.3

vendor:ciscomodel:firepower series next-generation firewallscope:eqversion:41000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:neversion:900092.3(1.2259)

Trust: 0.3

sources: CNVD: CNVD-2017-32918 // BID: 101652 // JVNDB: JVNDB-2017-009834 // CNNVD: CNNVD-201711-083 // NVD: CVE-2017-12243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12243
value: HIGH

Trust: 1.0

NVD: CVE-2017-12243
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32918
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-083
value: HIGH

Trust: 0.6

VULHUB: VHN-102746
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12243
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32918
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102746
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12243
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32918 // VULHUB: VHN-102746 // JVNDB: JVNDB-2017-009834 // CNNVD: CNNVD-201711-083 // NVD: CVE-2017-12243

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-102746 // JVNDB: JVNDB-2017-009834 // NVD: CVE-2017-12243

THREAT TYPE

local

Trust: 0.9

sources: BID: 101652 // CNNVD: CNNVD-201711-083

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-083

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009834

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-102746

PATCH
title:cisco-sa-20171101-arceurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce
Trust: 0.8
title:Patches for multiple Cisco product command injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/105519
Trust: 0.6
title:Multiple Cisco Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76086
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-32918 // 
            
            
            
            JVNDB: JVNDB-2017-009834 // 
            
            
            
            CNNVD: CNNVD-201711-083

EXTERNAL IDS
db:NVDid:CVE-2017-12243
Trust: 3.4
db:BIDid:101652
Trust: 2.6
db:SECTRACKid:1039719
Trust: 1.7
db:JVNDBid:JVNDB-2017-009834
Trust: 0.8
db:CNNVDid:CNNVD-201711-083
Trust: 0.7
db:CNVDid:CNVD-2017-32918
Trust: 0.6
db:EXPLOIT-DBid:44052
Trust: 0.1
db:SEEBUGid:SSVID-96791
Trust: 0.1
db:VULHUBid:VHN-102746
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-32918 // 
            
            
            
            VULHUB: VHN-102746 // 
            
            
            
            BID: 101652 // 
            
            
            
            JVNDB: JVNDB-2017-009834 // 
            
            
            
            CNNVD: CNNVD-201711-083 // 
            
            
            
            NVD: CVE-2017-12243

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-arce
Trust: 2.6
url:http://www.securityfocus.com/bid/101652
Trust: 1.7
url:http://www.securitytracker.com/id/1039719
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12243
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12243
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-32918 // 
            
            
            
            VULHUB: VHN-102746 // 
            
            
            
            BID: 101652 // 
            
            
            
            JVNDB: JVNDB-2017-009834 // 
            
            
            
            CNNVD: CNNVD-201711-083 // 
            
            
            
            NVD: CVE-2017-12243

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 101652

SOURCES
db:CNVDid:CNVD-2017-32918
db:VULHUBid:VHN-102746
db:BIDid:101652
db:JVNDBid:JVNDB-2017-009834
db:CNNVDid:CNNVD-201711-083
db:NVDid:CVE-2017-12243

LAST UPDATE DATE
2024-11-23T22:34:27.571000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-32918date:2017-11-07T00:00:00
db:VULHUBid:VHN-102746date:2019-10-09T00:00:00
db:BIDid:101652date:2017-12-19T21:00:00
db:JVNDBid:JVNDB-2017-009834date:2017-11-24T00:00:00
db:CNNVDid:CNNVD-201711-083date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12243date:2024-11-21T03:09:06.650

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-32918date:2017-11-07T00:00:00
db:VULHUBid:VHN-102746date:2017-11-02T00:00:00
db:BIDid:101652date:2017-11-01T00:00:00
db:JVNDBid:JVNDB-2017-009834date:2017-11-24T00:00:00
db:CNNVDid:CNNVD-201711-083date:2017-11-03T00:00:00
db:NVDid:CVE-2017-12243date:2017-11-02T16:29:00.193