CVSS: 6.0EPSS: 0%CPEs: 43EXPL: 0CVE-2023-20234
https://notcve.org/view.php?id=CVE-2023-20234
23 Aug 2023 — A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL • CWE-73: External Control of File Name or Path CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 51%CPEs: 9EXPL: 1CVE-2017-12243 – Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-12243
02 Nov 2017 — A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to ... • https://www.exploit-db.com/exploits/44052 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2017-12277
https://notcve.org/view.php?id=CVE-2017-12277
02 Nov 2017 — A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A s... • http://www.securityfocus.com/bid/101661 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •