Executive Summary
Summary | |
---|---|
Title | Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20171101-fpwr | First vendor Publication | 2017-11-01 |
Vendor | Cisco | Last vendor Modification | 2017-11-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZ+fHdZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnNQQ/+IN8smnbk8QbX7m0H hW60vHe5OmByXnjU0TGAPshpNNDPfKWVo4eJ5XtDwvva+Lmi14PjXpe603//25td +iOWElY3GW4YUQmzTqsHTk58EYyh7cgbRTd/B8UU3Vq+ghXVXBJ65QjIrAWHybeq EGzHAxU+RitfZGIUqeQ1BvdSaSrTxzOeXnRB1nQ+6PzD4bD9l6HZHxHrCokeLqYB 44MXdbHsvADMd3G82e8bVyDDxCyqkz7+T1k0+WHypEr2Btbw/qFXq97zy36BEk2Y Dx6s5OY69hugWSUMnSYBBexePU0EBqPPiroTHZSXYMBI9r/2GKix2FnEBIFgcCQB c01S1iFXK7bWiLQrU2R25q1Jdgxo3w+dY+I3bCCKvuALfI3uwv+7cNhe9EQj7+CC bd/Nrp+gMyf1UhNGtjvtvcz5qjMNyYQAU/a8O4hSkabzt2l1+Xdpn2LG36MyLvXR XeH+b4ABQwX/J6a3pBmJHt+sBKiasZLNdYNeTXXk9YCCic9yFFdllGKcDmMyywNr zalhiYuBaxoGqbqRcUroUWGKH3GKy6CC7/ItAu08gD3k3S3eoCGzbZ+hefy7KnSe 6XE3rFdoWvjrorJG4S3MI9T+uOZo5ehClu7VvP20ERGidqIk1UQOjdD6WIDULGxt jVdmbg+u338kKj5zzJM7u3cA4do= =WYPn END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') |
50 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-11-02 | Cisco Firepower Smart Licensing command injection attempt RuleID : 44724 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Informations |
---|---|
2017-11-21 17:24:15 |
|
2017-11-02 21:25:40 |
|
2017-11-01 21:22:48 |
|