Severity
8.8 HIGH
EPSS
0.5%
top 32.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 2
Latest update: May 13

Description

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco_firepower_4100_series_ngfw_and_firepower_9300_security_appliance | Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance

🔴 Vulnerability Details

2
GHSA
GHSA-7g3p-7vv6-j5pw: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security (2022-05-13)
CVEList
CVE-2017-12277: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security (2017-11-02)

📋 Vendor Advisories

1
Cisco
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability (2017-11-01)