What is the severity of CVE-2017-3806?

CVE-2017-3806 has a high severity rating due to its impact on command injection by authenticated attackers.

How do I fix CVE-2017-3806?

To fix CVE-2017-3806, upgrade the Cisco Firepower Threat Defense software to the latest recommended version.

Who is affected by CVE-2017-3806?

CVE-2017-3806 affects Cisco Firepower 4100 Series and 9300 Security Appliance running specific versions of the Firepower Threat Defense software.

What type of vulnerability is CVE-2017-3806?

CVE-2017-3806 is a command injection vulnerability that allows attackers to execute arbitrary shell commands.

Is CVE-2017-3806 remote or local?

CVE-2017-3806 is a local vulnerability requiring authentication for exploitation.

Vulnerability/
CVE-2017-3806

medium

5.3

CWE

3/2/2017

27/2/2017

CVE-2017-3806: OS Command Injection

First published: Fri Feb 03 2017(Updated: )

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101).

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Threat Defense	=5.3.0
Cisco Firepower Threat Defense	=5.4.0
Cisco Firepower Threat Defense	=6.0.0
Cisco Firepower Threat Defense	=6.0.1
Cisco Firepower Threat Defense	=6.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3806?
CVE-2017-3806 has a high severity rating due to its impact on command injection by authenticated attackers.
How do I fix CVE-2017-3806?
To fix CVE-2017-3806, upgrade the Cisco Firepower Threat Defense software to the latest recommended version.
Who is affected by CVE-2017-3806?
CVE-2017-3806 affects Cisco Firepower 4100 Series and 9300 Security Appliance running specific versions of the Firepower Threat Defense software.
What type of vulnerability is CVE-2017-3806?
CVE-2017-3806 is a command injection vulnerability that allows attackers to execute arbitrary shell commands.
Is CVE-2017-3806 remote or local?
CVE-2017-3806 is a local vulnerability requiring authentication for exploitation.

agent/references
agent/type
agent/softwarecombine
agent/event
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco firepower threat defense
version/cisco firepower threat defense/5.3.0
version/cisco firepower threat defense/5.4.0
version/cisco firepower threat defense/6.0.0
version/cisco firepower threat defense/6.0.1
version/cisco firepower threat defense/6.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.