Multiple Cisco Products CVE-2017-6600 Local Command Injection Vulnerability

Multiple Cisco Products are prone to a local command-injection vulnerability.

A local attacker can exploit this issue to execute arbitrary shell commands.

This issue being tracked by Cisco Bug ID CSCvb61351 and CSCvb61637.

All versions of the following products are affected:

Cisco Unified Computing System Manager
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance

Information

Bugtraq ID: 97439
Class: Input Validation Error
CVE: CVE-2017-6600

Remote: No
Local: Yes
Published: Apr 05 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Cisco Unified Computing System Manager 0
Cisco Unified Computing System 3.1(1k)A
Cisco Firepower 9300 Security Appliance 0
Cisco Firepower 9000 Series 2.0(1.68)
Cisco Firepower 4100 Series Next-Generation Firewall 0

Not Vulnerable: Cisco Firepower 9000 Series 92.2(1.101)
Cisco Firepower 9000 Series 2.0(1.82)

References:

• Cisco Homepage (Cisco)
  
• Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Se (Cisco)
  

Source: www.securityfocus.com