CWE: 20, 77

CVE-2017-12277: Input Validation

First published: Thu Nov 02 2017

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863.

Credit: ykramarz@cisco.com

Affected Software | Affected Version | How to fix
Cisco Firepower Extensible Operating System | <=1.1.3 |
Cisco Firepower Extensible Operating System | =1.1.4 |
Cisco Firepower Extensible Operating System | =2.0.1 |
Cisco Firepower 4110 Next-generation Firewall | |
Cisco Firepower 4120 Next-generation Firewall | |
Cisco Firepower 4140 Next-generation Firewall | |
Cisco Firepower 4150 Next-generation Firewall | |
Cisco Firepower 9300 Security Appliance | |

Frequently Asked Questions

  • What is CVE-2017-12277?

    CVE-2017-12277 is a vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance.

  • What is the severity of CVE-2017-12277?

    The severity of CVE-2017-12277 is critical with a CVSS score of 8.8.

  • How does CVE-2017-12277 work?

    CVE-2017-12277 allows an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

  • Which software versions are affected by CVE-2017-12277?

    CVE-2017-12277 affects Cisco Firepower Extensible Operating System versions 1.1.3, 1.1.4, and 2.0.1.

  • How can I fix CVE-2017-12277?

    To fix CVE-2017-12277, it is recommended to upgrade to a non-vulnerable version of Cisco Firepower Extensible Operating System.
