ID

VAR-201711-0299


CVE

CVE-2017-12243


TITLE

plural Cisco Command injection vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2017-009834

DESCRIPTION

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078. Vendors have confirmed this vulnerability Bug ID CSCvf20741 and CSCvf60078 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Unified Computing System (UCS) Manager and other products are products of Cisco. The Cisco Unified Computing System (UCS) Manager is a set of embedded device management software. A command injection vulnerability exists in several Cisco products that stems from a program failing to properly validate strings entered in a shell application. Multiple Cisco Products are prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2017-12243 // JVNDB: JVNDB-2017-009834 // CNVD: CNVD-2017-32918 // BID: 101652 // VULHUB: VHN-102746

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32918

AFFECTED PRODUCTS

vendor:ciscomodel:firepower 9300 security appliancescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:firepower 4100 next-generation firewallscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system managerscope: - version: -

Trust: 1.4

vendor:ciscomodel:firepower 4100 series next-generation firewallscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower 9300 security appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower series next-generation firewallscope:eqversion:4100

Trust: 0.6

vendor:ciscomodel:firepower security appliancescope:eqversion:9300

Trust: 0.6

vendor:ciscomodel:unified computing system 3.2scope:neversion: -

Trust: 0.6

vendor:ciscomodel:unified computing system managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified computing system 3.1 ascope: - version: -

Trust: 0.3

vendor:ciscomodel:firepower security appliancescope:eqversion:93000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:eqversion:90001.1(3.52)

Trust: 0.3

vendor:ciscomodel:firepower series next-generation firewallscope:eqversion:41000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:neversion:900092.3(1.2259)

Trust: 0.3

sources: CNVD: CNVD-2017-32918 // BID: 101652 // JVNDB: JVNDB-2017-009834 // CNNVD: CNNVD-201711-083 // NVD: CVE-2017-12243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12243
value: HIGH

Trust: 1.0

NVD: CVE-2017-12243
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32918
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-083
value: HIGH

Trust: 0.6

VULHUB: VHN-102746
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12243
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32918
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102746
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12243
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32918 // VULHUB: VHN-102746 // JVNDB: JVNDB-2017-009834 // CNNVD: CNNVD-201711-083 // NVD: CVE-2017-12243

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-102746 // JVNDB: JVNDB-2017-009834 // NVD: CVE-2017-12243

THREAT TYPE

local

Trust: 0.9

sources: BID: 101652 // CNNVD: CNNVD-201711-083

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-083

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009834

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-102746

PATCH

title:cisco-sa-20171101-arceurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce

Trust: 0.8

title:Patches for multiple Cisco product command injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/105519

Trust: 0.6

title:Multiple Cisco Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76086

Trust: 0.6

sources: CNVD: CNVD-2017-32918 // JVNDB: JVNDB-2017-009834 // CNNVD: CNNVD-201711-083

EXTERNAL IDS

db:NVDid:CVE-2017-12243

Trust: 3.4

db:BIDid:101652

Trust: 2.6

db:SECTRACKid:1039719

Trust: 1.7

db:JVNDBid:JVNDB-2017-009834

Trust: 0.8

db:CNNVDid:CNNVD-201711-083

Trust: 0.7

db:CNVDid:CNVD-2017-32918

Trust: 0.6

db:EXPLOIT-DBid:44052

Trust: 0.1

db:SEEBUGid:SSVID-96791

Trust: 0.1

db:VULHUBid:VHN-102746

Trust: 0.1

sources: CNVD: CNVD-2017-32918 // VULHUB: VHN-102746 // BID: 101652 // JVNDB: JVNDB-2017-009834 // CNNVD: CNNVD-201711-083 // NVD: CVE-2017-12243

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-arce

Trust: 2.6

url:http://www.securityfocus.com/bid/101652

Trust: 1.7

url:http://www.securitytracker.com/id/1039719

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12243

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12243

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-32918 // VULHUB: VHN-102746 // BID: 101652 // JVNDB: JVNDB-2017-009834 // CNNVD: CNNVD-201711-083 // NVD: CVE-2017-12243

CREDITS

Cisco.

Trust: 0.3

sources: BID: 101652

SOURCES

db:CNVDid:CNVD-2017-32918
db:VULHUBid:VHN-102746
db:BIDid:101652
db:JVNDBid:JVNDB-2017-009834
db:CNNVDid:CNNVD-201711-083
db:NVDid:CVE-2017-12243

LAST UPDATE DATE

2024-08-14T13:56:26.941000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-32918date:2017-11-07T00:00:00
db:VULHUBid:VHN-102746date:2019-10-09T00:00:00
db:BIDid:101652date:2017-12-19T21:00:00
db:JVNDBid:JVNDB-2017-009834date:2017-11-24T00:00:00
db:CNNVDid:CNNVD-201711-083date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12243date:2019-10-09T23:22:44.043

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-32918date:2017-11-07T00:00:00
db:VULHUBid:VHN-102746date:2017-11-02T00:00:00
db:BIDid:101652date:2017-11-01T00:00:00
db:JVNDBid:JVNDB-2017-009834date:2017-11-24T00:00:00
db:CNNVDid:CNNVD-201711-083date:2017-11-03T00:00:00
db:NVDid:CVE-2017-12243date:2017-11-02T16:29:00.193