cbcvebase.
CVE-2017-12277
published 2017-11-02

CVE-2017-12277: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance…

PriorityP260high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
3.80%
88.7th percentile
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863.

Affected

4 ranges
VendorProductVersion rangeFixed in
ciscofirepower_4100_series_ngfw_and_firepower_9300_security_appliance_smart_licensing
ciscofirepower_extensible_operating_system<= 1.1.3
ciscofirepower_extensible_operating_system
ciscofirepower_extensible_operating_system

Detection & IOCsextracted from sources · hover to see the quote

  • The attack vector is a malicious URL injected into the Smart Licensing Manager service configuration parameters on Cisco Firepower 4100/9300 running FX-OS. Monitor for unexpected or malformed URLs configured in the Smart Licensing feature.
  • Scope detection to FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 on Firepower 4100 Series NGFW and Firepower 9300 Security Appliance; versions 2.1.1, 2.2.1, and 2.2.2 are NOT affected.
  • Successful exploitation results in arbitrary command execution with root privileges via the Smart Licensing Manager service. Alert on unexpected root-level process spawning from the Smart Licensing Manager service process.
  • ·Exploitation requires authentication; unauthenticated remote attackers cannot trigger this vulnerability.
  • ·There are no workarounds available; patching to a fixed FX-OS version (2.1.1, 2.2.1, or 2.2.2) is the only mitigation.
  • ·The root cause is insufficient input validation of Smart Licensing configuration parameters, specifically the URL field; any input validation controls on that field should be reviewed.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.