CVE-2017-12277
published 2017-11-02CVE-2017-12277: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance…
PriorityP260high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
3.80%
88.7th percentile
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | firepower_4100_series_ngfw_and_firepower_9300_security_appliance_smart_licensing | — | — |
| cisco | firepower_extensible_operating_system | <= 1.1.3 | — |
| cisco | firepower_extensible_operating_system | — | — |
| cisco | firepower_extensible_operating_system | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The attack vector is a malicious URL injected into the Smart Licensing Manager service configuration parameters on Cisco Firepower 4100/9300 running FX-OS. Monitor for unexpected or malformed URLs configured in the Smart Licensing feature. ↗
- →Scope detection to FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 on Firepower 4100 Series NGFW and Firepower 9300 Security Appliance; versions 2.1.1, 2.2.1, and 2.2.2 are NOT affected. ↗
- →Successful exploitation results in arbitrary command execution with root privileges via the Smart Licensing Manager service. Alert on unexpected root-level process spawning from the Smart Licensing Manager service process. ↗
- ·Exploitation requires authentication; unauthenticated remote attackers cannot trigger this vulnerability. ↗
- ·There are no workarounds available; patching to a fixed FX-OS version (2.1.1, 2.2.1, or 2.2.2) is the only mitigation. ↗
- ·The root cause is insufficient input validation of Smart Licensing configuration parameters, specifically the URL field; any input validation controls on that field should be reviewed. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7g3p-7vv6-j5pw: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security
ghsa_unreviewed·2022-05-13
CVE-2017-12277 [HIGH] CWE-20 GHSA-7g3p-7vv6-j5pw: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100
Cisco
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
vendor_cisco·2017-11-01·CVSS 8.8
CVE-2017-12277 [HIGH] CWE-20 Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges.
The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges.
Cisco has released software updates that address this vulnerability. Th
Cisco
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-12277 Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
CVE-2017-12277: Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco has released software updates that address this vuln
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-11-02
Published