← back
CVE-2017-12243

CVE-2017-12243

EPSS 77.1%CWE-78
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 77.1%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
01 Nov 2017Public PoC
02 Nov 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.
Affected products
n/a · Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance
public PoCs found1
exploitdbwww.exploit-db.com/exploits/44052unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arcehttp://www.securityfocus.com/bid/101652http://www.securitytracker.com/id/1039719