CVE-2017-6597
https://notcve.org/view.php?id=CVE-2017-6597
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). Una vulnerabilidad en el comando local-mgmt de la CLI del Administrador del Unified Computing System de Cisco (UCS), el cortafuegos de próxima generación Cisco Firepower 4100 (NGFW) y el dispositivo de seguridad Cisco Firepower 9300 podrían permitir a un atacante local autenticado realizar una inyección de comandos ataque. • http://www.securityfocus.com/bid/97476 http://www.securitytracker.com/id/1038195 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-6602
https://notcve.org/view.php?id=CVE-2017-6602
A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138). Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permiti a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97472 http://www.securitytracker.com/id/1038197 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-6600
https://notcve.org/view.php?id=CVE-2017-6600
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. Una vulnerabilidad en el CLI del Unified Computing System (UCS) de Cisco, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), y dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante autenticado y local realizar un ataque de inyección de comandos. • http://www.securityfocus.com/bid/97439 http://www.securitytracker.com/id/1038199 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2015-6435 – Cisco UCS Manager 2.2(1d) Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-6435
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Una secuencia de comandos CGI no especificada en Cisco FX-OS en versiones anteriores a 1.1.2 en dispositivos Firepower 9000 y Cisco Unified Computing System (UCS) Manager en versiones anteriores a 2.2(4b), 2.2(5) en versiones anteriores a 2.2(5a) y 3.0 en versiones anteriores a 3.0(2e) permite a atacantes remotos ejecutar comandos shell arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCur90888. • http://packetstormsecurity.com/files/160991/Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm http://www.securitytracker.com/id/1034743 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2015-6380
https://notcve.org/view.php?id=CVE-2015-6380
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. Una secuencia de comandos no especificada en la interfaz web en Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios a través de parámetros manipulados, también conocida como Bug ID CSCux10622. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •