Cisco: CISCO-SA-20170201-FPW
Feb 01, 2017 - 4:00 p.m.

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability

tools.cisco.com

EPSS: 0
Percentile: 5.2%

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.

The vulnerability is due to insufficient input validation of user-controlled input parameters entered at the CLI. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input parameters to certain commands. A successful exploit could allow an authenticated attacker to execute arbitrary shell commands on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw

Affected configurations

Vulners node: cisco firepower_threat_defense_software, match 6.0 OR 5.3 OR 5.4 OR 6.1 OR 6.0.0 OR 6.0.1 OR 5.3.0 OR 5.4.0 OR 6.1.0

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| cisco | firepower_threat_defense_software | 6.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.3 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.3:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.4 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.4:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.1 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.1:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.0.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.0.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.0.1 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.0.1:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.3.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.3.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.4.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.4.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.1.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.1.0:*:*:*:*:*:*:* |
