CVE-2017-6633
https://notcve.org/view.php?id=CVE-2017-6633
A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544. • http://www.securityfocus.com/bid/98525 http://www.securitytracker.com/id/1038513 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-6601
https://notcve.org/view.php?id=CVE-2017-6601
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647). Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97477 http://www.securitytracker.com/id/1038196 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-6598
https://notcve.org/view.php?id=CVE-2017-6598
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). Una vulnerabilidad en la funcionalidad de complemento de depuración del Unified Computing System de Cisco (UCS), Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante local autenticado ejecutar comandos arbitrarios, También conocido como Privilege Escalation. • http://www.securityfocus.com/bid/97429 http://www.securitytracker.com/id/1038198 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs • CWE-862: Missing Authorization •
CVE-2017-6597
https://notcve.org/view.php?id=CVE-2017-6597
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). Una vulnerabilidad en el comando local-mgmt de la CLI del Administrador del Unified Computing System de Cisco (UCS), el cortafuegos de próxima generación Cisco Firepower 4100 (NGFW) y el dispositivo de seguridad Cisco Firepower 9300 podrían permitir a un atacante local autenticado realizar una inyección de comandos ataque. • http://www.securityfocus.com/bid/97476 http://www.securitytracker.com/id/1038195 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-6602
https://notcve.org/view.php?id=CVE-2017-6602
A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138). Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permiti a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97472 http://www.securitytracker.com/id/1038197 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •