Multiple Cisco Products CVE-2017-6601 Local Command Injection Vulnerability

Multiple Cisco products are prone to a local command-injection vulnerability.

A local attacker can exploit this issue to execute arbitrary commands.

This issue being tracked by Cisco Bug ID's CSCvb61384 and CSCvb86764.

All versions of the following products are affected:

Cisco Unified Computing System Manager
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance

Information

Bugtraq ID: 97477
Class: Input Validation Error
CVE: CVE-2017-6601

Remote: No
Local: Yes
Published: Apr 05 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Cisco Unified Computing System Manager 0
Cisco Unified Computing System 3.1(1k)A
Cisco Firepower 9300 Security Appliance 0
Cisco Firepower 9000 Series 2.0(1.68)
Cisco Firepower 4100 Series Next-Generation Firewall 0

Not Vulnerable:

References:

Cisco Homepage (Cisco)
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Se (Cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit

Multiple Cisco Products CVE-2017-6601 Local Command Injection Vulnerability

Information