CVSS: 8.6EPSS: 0%CPEs: 67EXPL: 0CVE-2017-3883
https://notcve.org/view.php?id=CVE-2017-3883
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. • http://www.securityfocus.com/bid/101493 http://www.securitytracker.com/id/1039614 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6598
https://notcve.org/view.php?id=CVE-2017-6598
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). Una vulnerabilidad en la funcionalidad de complemento de depuración del Unified Computing System de Cisco (UCS), Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante local autenticado ejecutar comandos arbitrarios, También conocido como Privilege Escalation. • http://www.securityfocus.com/bid/97429 http://www.securitytracker.com/id/1038198 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6597
https://notcve.org/view.php?id=CVE-2017-6597
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). Una vulnerabilidad en el comando local-mgmt de la CLI del Administrador del Unified Computing System de Cisco (UCS), el cortafuegos de próxima generación Cisco Firepower 4100 (NGFW) y el dispositivo de seguridad Cisco Firepower 9300 podrían permitir a un atacante local autenticado realizar una inyección de comandos ataque. • http://www.securityfocus.com/bid/97476 http://www.securitytracker.com/id/1038195 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6601
https://notcve.org/view.php?id=CVE-2017-6601
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647). Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97477 http://www.securitytracker.com/id/1038196 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6600
https://notcve.org/view.php?id=CVE-2017-6600
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97439 http://www.securitytracker.com/id/1038199 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •