VDB
CVE-2017-12243
CVE-2017-12243
PUBLISHED
CVSS 7.199999809265137 HIGH
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.
EPSS 40.22% · 97.4th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
40.22%
97.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | firepower_9300_security_appliance_firmware | |
| cisco | firepower_4100_next-generation_firewall_firmware | |
| cisco | unified_computing_system_manager_firmware | |
| n/a | Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance | Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance |
Timeline
- Nov 1, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score