cisco-sa-20170705-FireSIGHT

Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability

cisco-sa-20170705-FireSIGHT · Medium · Published 8 years ago · Updated 8 years ago

A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. The vulnerability is due to improper handling of modified backup configuration files. An attacker could exploit this vulnerability by modifying certain components within the backup system files. An exploit could allow the attacker to run arbitrary code as a root user on the affected appliance. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2017-6735
Cisco Bug IDs	CSCvc91092
CVSS Score	Base 6.7 Base 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco Firepower System Software

Related Products

Product	CVE	Evidence

Vulnslist

find the latest Cisco vulnerabilities

Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability

Workarounds

Related Products