CVE-2017-6598 - A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manag

CVE-2017-6598

Summary

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).

References

Vulnerable Configurations

cpe:2.3:a:cisco:firepower_extensible_operating_system:2.0\(1.68\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_extensible_operating_system:2.0\(1.68\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_computing_system:3.1\(1k\)a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_computing_system:3.1\(1k\)a:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	97429
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs
sectrack	1038198

Last major update

03-10-2019 - 00:03

Published

07-04-2017 - 17:59

Last modified

03-10-2019 - 00:03