CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6600
https://notcve.org/view.php?id=CVE-2017-6600
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97439 http://www.securitytracker.com/id/1038199 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6604
https://notcve.org/view.php?id=CVE-2017-6604
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. Una vulnerabilidad en la interfaz web del software Cisco Integrated Management Controller (IMC) podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web malintencionada. • http://www.securityfocus.com/bid/97457 http://www.securitytracker.com/id/1038186 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •