Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-52


Cisco Unified Computing System CLI Input Validation Flaw Lets Users View and Modify Arbitrary Files on the Target System and Gain Access to Other Devices
Severity Rating: Medium
Systems Affected:
  • Cisco Unified Computing System Manager
  • Cisco Firepower 4100 Series Next-Generation Firewall
  • Cisco Firepower 9300 Security Appliance
Description
A vulnerability has been identified in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance that could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is caused by insufficient input validation. An attacker could exploit it by injecting crafted command arguments into a vulnerable CLI command. Successful exploitation can allow the attacker to read or write arbitrary files at the user's privilege level outside the expected path and gain access to other devices.
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
Vendor Information
Cisco
 
CVE Information
 
References
 
Cisco Security Bulletin
 
Security Tracker
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis