CVE-2017-3806
Published Feb 3, 2017
Last updated 8 years ago
Overview
- Description
- A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101).
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.3
- Impact score
- 3.4
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-78
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:5.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DB13378-A7CB-4EBB-B3FD-57F7F37965ED"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D850EEF9-1967-4CE5-A30C-50180849BCAD"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1AC6A67-82EF-4D31-AFCB-499A0C6EC0F8"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "995667FD-35F1-49E5-96DB-2FDFF5E0B523"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61FB47CF-2A6A-4121-BFF7-5862E163B8E5"
}
],
"operator": "OR"
}
]
}
]