What is the severity of CVE-2017-12243?

The severity of CVE-2017-12243 is high, with a severity value of 7.8.

How can an attacker exploit CVE-2017-12243?

An attacker can exploit CVE-2017-12243 by obtaining root shell privileges on the affected devices through command injection.

Which software versions are affected by CVE-2017-12243?

Cisco Unified Computing System Manager Firmware, Cisco Firepower 9300 Security Appliance Firmware, and Cisco Firepower 4100 Next-generation Firewall Firmware are affected by CVE-2017-12243.

How can I fix CVE-2017-12243?

Apply the necessary updates or patches provided by Cisco to fix CVE-2017-12243.

Where can I find more information about CVE-2017-12243?

You can find more information about CVE-2017-12243 on the following sources: SecurityFocus BID, SecurityTracker, and the Cisco Security Advisory.

Vulnerability/
CVE-2017-12243

high

7.8

CWE

78 77

2/11/2017

9/10/2019

CVE-2017-12243: OS Command Injection

First published: Thu Nov 02 2017(Updated: )

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Unified Computing System Manager Firmware
Cisco Unified Computing System Manager
Cisco Firepower 9300 Security Appliance Firmware
Cisco Firepower 9300 Security Appliance
Cisco Firepower 4100 Next-generation Firewall Firmware
Cisco Firepower 4110 Next-generation Firewall
Cisco Firepower 4120 Next-generation Firewall
Cisco Firepower 4140 Next-generation Firewall
Cisco Firepower 4150 Next-generation Firewall

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-12243?
The severity of CVE-2017-12243 is high, with a severity value of 7.8.
How can an attacker exploit CVE-2017-12243?
An attacker can exploit CVE-2017-12243 by obtaining root shell privileges on the affected devices through command injection.
Which software versions are affected by CVE-2017-12243?
Cisco Unified Computing System Manager Firmware, Cisco Firepower 9300 Security Appliance Firmware, and Cisco Firepower 4100 Next-generation Firewall Firmware are affected by CVE-2017-12243.
How can I fix CVE-2017-12243?
Apply the necessary updates or patches provided by Cisco to fix CVE-2017-12243.
Where can I find more information about CVE-2017-12243?
You can find more information about CVE-2017-12243 on the following sources: SecurityFocus BID, SecurityTracker, and the Cisco Security Advisory.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.