Details of VAR-201711-0306

ID

VAR-201711-0306

CVE

CVE-2017-12277

TITLE

Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009840

DESCRIPTION

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. Vendors have confirmed this vulnerability Bug ID CSCvb86863 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SmartLicensingManagerservice is one of the license intelligent management services. Multiple Cisco Products are prone to a remote command-injection vulnerability

Trust: 2.52

sources: NVD: CVE-2017-12277 // JVNDB: JVNDB-2017-009840 // CNVD: CNVD-2017-32929 // BID: 101661 // VULHUB: VHN-102783

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-32929

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lte	version:	1.1.3	Trust: 1.0
vendor:	cisco	model:	fx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower series next-generation firewall	scope:	eq	version:	4100	Trust: 0.6
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	9300	Trust: 0.6
vendor:	cisco	model:	fxos	scope:	eq	version:	1.1.4	Trust: 0.6
vendor:	cisco	model:	fxos	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	cisco	model:	fxos	scope:	eq	version:	1.1.3	Trust: 0.6
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	eq	version:	90002.0(1.68)	Trust: 0.3
vendor:	cisco	model:	firepower series next-generation firewall	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	ne	version:	90002.0(1.119)	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	ne	version:	90002.0(1.104)	Trust: 0.3

sources: CNVD: CNVD-2017-32929 // BID: 101661 // JVNDB: JVNDB-2017-009840 // CNNVD: CNNVD-201711-076 // NVD: CVE-2017-12277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12277
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12277
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-32929
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-076
value:	HIGH
Trust: 0.6
VULHUB:	VHN-102783
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-12277
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-32929
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102783
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12277
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-32929 // VULHUB: VHN-102783 // JVNDB: JVNDB-2017-009840 // CNNVD: CNNVD-201711-076 // NVD: CVE-2017-12277

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-102783 // JVNDB: JVNDB-2017-009840 // NVD: CVE-2017-12277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-076

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-076

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009840

PATCH

title:	cisco-sa-20171101-fpwr	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr	Trust: 0.8
title:	Patches for multiple Cisco product command injection vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/105508	Trust: 0.6
title:	Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76079	Trust: 0.6

sources: CNVD: CNVD-2017-32929 // JVNDB: JVNDB-2017-009840 // CNNVD: CNNVD-201711-076

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12277	Trust: 3.4
db:	BID	id:	101661	Trust: 2.6
db:	JVNDB	id:	JVNDB-2017-009840	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-076	Trust: 0.7
db:	CNVD	id:	CNVD-2017-32929	Trust: 0.6
db:	VULHUB	id:	VHN-102783	Trust: 0.1

sources: CNVD: CNVD-2017-32929 // VULHUB: VHN-102783 // BID: 101661 // JVNDB: JVNDB-2017-009840 // CNNVD: CNNVD-201711-076 // NVD: CVE-2017-12277

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-fpwr	Trust: 2.6
url:	http://www.securityfocus.com/bid/101661	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12277	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12277	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-32929 // VULHUB: VHN-102783 // BID: 101661 // JVNDB: JVNDB-2017-009840 // CNNVD: CNNVD-201711-076 // NVD: CVE-2017-12277

CREDITS

Cisco.

Trust: 0.3

sources: BID: 101661

SOURCES

db:	CNVD	id:	CNVD-2017-32929
db:	VULHUB	id:	VHN-102783
db:	BID	id:	101661
db:	JVNDB	id:	JVNDB-2017-009840
db:	CNNVD	id:	CNNVD-201711-076
db:	NVD	id:	CVE-2017-12277

LAST UPDATE DATE

2024-11-23T22:17:46.204000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-32929	date:	2017-11-07T00:00:00
db:	VULHUB	id:	VHN-102783	date:	2019-10-09T00:00:00
db:	BID	id:	101661	date:	2017-12-19T21:00:00
db:	JVNDB	id:	JVNDB-2017-009840	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201711-076	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12277	date:	2024-11-21T03:09:13.077

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-32929	date:	2017-11-07T00:00:00
db:	VULHUB	id:	VHN-102783	date:	2017-11-02T00:00:00
db:	BID	id:	101661	date:	2017-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-009840	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201711-076	date:	2017-11-03T00:00:00
db:	NVD	id:	CVE-2017-12277	date:	2017-11-02T16:29:00.427