CVE-2017-3806 — OS Command Injection in Cisco Firepower Threat Defense

CWE-78 — OS Command Injection4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 73.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense

Timeline

PublishedFeb 3

Latest updateMay 17

Description

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

▶NVDcisco/firepower_threat_defense5 versions+4

🔴Vulnerability Details

GHSA

GHSA-h6gm-h2wg-p29r: A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance coul↗2022-05-17

▶

CVEList

CVE-2017-3806: A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance coul↗2017-02-03

▶

📋Vendor Advisories

Cisco

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability↗2017-02-01

▶