// For flags

CVE-2017-12243

Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.

Un vulnerabilidad en Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) y Cisco Firepower 9300 Security Appliance podría permitir que un atacante local autenticado obtenga privilegios root shell en el dispositivo. Esta vulnerabilidad también se conoce como Command Injection. La vulnerabilidad se debe a una validación inadecuada de valores de entrada de una cadena en la aplicación shell. Un atacante podría explotar esta vulnerabilidad mediante el uso de comandos maliciosos. Un exploit exitoso podría permitir que el atacante obtenga privilegios root shell en el dispositivo. Cisco Bug IDs: CSCvf20741, CSCvf60078.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-08-03 CVE Reserved
  • 2017-11-01 First Exploit
  • 2017-11-02 CVE Published
  • 2024-02-06 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Unified Computing System Manager Firmware
Search vendor "Cisco" for product "Unified Computing System Manager Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Unified Computing System Manager
Search vendor "Cisco" for product "Unified Computing System Manager"
--
Safe
Cisco
Search vendor "Cisco"
Firepower 9300 Security Appliance Firmware
Search vendor "Cisco" for product "Firepower 9300 Security Appliance Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Firepower 9300 Security Appliance
Search vendor "Cisco" for product "Firepower 9300 Security Appliance"
--
Safe
Cisco
Search vendor "Cisco"
Firepower 4100 Next-generation Firewall Firmware
Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Firepower 4110 Next-generation Firewall
Search vendor "Cisco" for product "Firepower 4110 Next-generation Firewall"
--
Safe
Cisco
Search vendor "Cisco"
Firepower 4100 Next-generation Firewall Firmware
Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Firepower 4120 Next-generation Firewall
Search vendor "Cisco" for product "Firepower 4120 Next-generation Firewall"
--
Safe
Cisco
Search vendor "Cisco"
Firepower 4100 Next-generation Firewall Firmware
Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Firepower 4140 Next-generation Firewall
Search vendor "Cisco" for product "Firepower 4140 Next-generation Firewall"
--
Safe
Cisco
Search vendor "Cisco"
Firepower 4100 Next-generation Firewall Firmware
Search vendor "Cisco" for product "Firepower 4100 Next-generation Firewall Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Firepower 4150 Next-generation Firewall
Search vendor "Cisco" for product "Firepower 4150 Next-generation Firewall"
--
Safe