Key Information

Vulnerability Name: Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
Vulnerability Identifiers:
- Advisory ID: cisco-sa-20170201-fpw
- CVE: CVE-2017-3806
- CWE: CWE-78
Risk Rating: Medium
Initial Release Date: February 1, 2017, 16:00 GMT
Version: 1.0
Remediation Status: Final
Workarounds: No workarounds are available
Cisco Bug ID: CSCvb61343
CVSS Score: 3.9

Summary

This vulnerability exists in the CLI command handling of Cisco Firepower 4100 Series Next-Generation Firewalls and Cisco Firepower 9300 Security Appliances, allowing an authenticated local attacker to inject arbitrary shell commands that are executed by the device.

The vulnerability results from insufficient input validation of parameters entered by users in the CLI. An attacker can exploit this vulnerability by authenticating to the device and submitting specially crafted input parameters for specific commands. Successful exploitation allows an authenticated attacker to execute arbitrary shell commands on the device.

No workarounds are available for this vulnerability.

Affected Products

This vulnerability affects all releases of Cisco Firepower 4100 Series Next-Generation Firewalls and Cisco Firepower 9300 Security Appliances prior to the initial fixed release. For information on affected software versions, refer to the Cisco bug ID(s) listed at the top of this advisory.

Fixed Software

For details on fixed software, refer to the Cisco bug ID(s) listed at the top of this advisory.

When considering software upgrades, customers are advised to regularly review Cisco product advisories to understand risks and complete upgrade solutions.

In all cases, customers should ensure that devices have sufficient memory after upgrading and confirm that current hardware and software configurations will continue to be supported by the new version. If relevant information is unclear, customers are advised to contact Cisco Technical Assistance Center (TAC) or their contracted maintenance provider.

Exploitation and Public Announcements

Cisco Product Security Incident Response Team (PSIRT) has not identified any public announcements or malicious use of the vulnerability described in this advisory.

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw