VDB

CVE-2017-12243

CVE-2017-12243 PUBLISHED CVSS 7.199999809265137 HIGH

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.

EPSS 40.22% · 97.4th percentile

Risk Scores

CVSS 2.0
7.199999809265137
EPSS Score
40.22%
97.4th percentile

Affected Products

VendorProductVersions
ciscofirepower_9300_security_appliance_firmware
ciscofirepower_4100_next-generation_firewall_firmware
ciscounified_computing_system_manager_firmware
n/aCisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security ApplianceCisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance

Timeline

  • Nov 1, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›