CVE-2017-12243
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.
Un vulnerabilidad en Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) y Cisco Firepower 9300 Security Appliance podría permitir que un atacante local autenticado obtenga privilegios root shell en el dispositivo. Esta vulnerabilidad también se conoce como Command Injection. La vulnerabilidad se debe a una validación inadecuada de valores de entrada de una cadena en la aplicación shell. Un atacante podría explotar esta vulnerabilidad mediante el uso de comandos maliciosos. Un exploit exitoso podría permitir que el atacante obtenga privilegios root shell en el dispositivo. Cisco Bug IDs: CSCvf20741, CSCvf60078.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-03 CVE Reserved
- 2017-11-01 First Exploit
- 2017-11-02 CVE Published
- 2024-02-06 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/101652 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039719 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44052 | 2017-11-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Computing System Manager Firmware Search vendor "Cisco" for product "Unified Computing System Manager Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Unified Computing System Manager Search vendor "Cisco" for product "Unified Computing System Manager" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower 9300 Security Appliance Firmware Search vendor "Cisco" for product "Firepower 9300 Security Appliance Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Firepower 9300 Security Appliance Search vendor "Cisco" for product "Firepower 9300 Security Appliance" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower 4100 Next-generation Firewall Firmware Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Firepower 4110 Next-generation Firewall Search vendor "Cisco" for product "Firepower 4110 Next-generation Firewall" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower 4100 Next-generation Firewall Firmware Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Firepower 4120 Next-generation Firewall Search vendor "Cisco" for product "Firepower 4120 Next-generation Firewall" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower 4100 Next-generation Firewall Firmware Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Firepower 4140 Next-generation Firewall Search vendor "Cisco" for product "Firepower 4140 Next-generation Firewall" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower 4100 Next-generation Firewall Firmware Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Firepower 4150 Next-generation Firewall Search vendor "Cisco" for product "Firepower 4150 Next-generation Firewall" | - | - |
Safe
|