var-201704-1336
Vulnerability from variot
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). Vendors have confirmed this vulnerability Bug ID CSCvb86725 and CSCvb86797 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Cisco Products are prone to a local privilege-escalation vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands as root. This issue is being tracked by Cisco Bug ID's CSCvb86725 and CSCvb86797. There are privilege escalation vulnerabilities in the debugging plug-in function of several Cisco products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.1\\(1k\\)a"
},
{
"model": "firepower extensible operating system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0\\(1.68\\)"
},
{
"model": "firepower extensible operating system",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 3.1 a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "firepower security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "93000"
},
{
"model": "firepower series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.0(1.68)"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "900092.2(1.105)"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "900092.1(1.1733)"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.1(1.69)"
}
],
"sources": [
{
"db": "BID",
"id": "97429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_extensible_operating_system:2.0\\(1.68\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:3.1\\(1k\\)a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6598"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97429"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6598",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-114801",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6598",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6598",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-432",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114801",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114801"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). Vendors have confirmed this vulnerability Bug ID CSCvb86725 and CSCvb86797 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Cisco Products are prone to a local privilege-escalation vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands as root. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCvb86725 and CSCvb86797. There are privilege escalation vulnerabilities in the debugging plug-in function of several Cisco products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "BID",
"id": "97429"
},
{
"db": "VULHUB",
"id": "VHN-114801"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6598",
"trust": 2.8
},
{
"db": "BID",
"id": "97429",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038198",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-114801",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114801"
},
{
"db": "BID",
"id": "97429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"id": "VAR-201704-1336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114801"
}
],
"trust": 0.7114193
},
"last_update_date": "2023-12-18T14:05:49.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170405-ucs",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ucs"
},
{
"title": "Multiple Cisco Product Privilege License and Access Control Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73814"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114801"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "NVD",
"id": "CVE-2017-6598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ucs"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97429"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038198"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6598"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6598"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114801"
},
{
"db": "BID",
"id": "97429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114801"
},
{
"db": "BID",
"id": "97429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-114801"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97429"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"date": "2017-04-07T17:59:00.577000",
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"date": "2017-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114801"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97429"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003066"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6598"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97429"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Computing System Manager and Firepower Vulnerabilities related to authorization, authority, and access control in the product debug plug-in function",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003066"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-432"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.