CISCO : Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106924

Categoría: CISCO

Título: Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability

Resumen: A vulnerability in the backup and restore functionality of Cisco FireSIGHT; System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system.

Descripción: Summary:
A vulnerability in the backup and restore functionality of Cisco FireSIGHT
System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system.

Vulnerability Insight:
The vulnerability is due to improper handling of modified backup
configuration files. An attacker could exploit this vulnerability by modifying certain components within the
backup system files.

Vulnerability Impact:
An exploit could allow the attacker to run arbitrary code as a root user on
the affected appliance.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-6735
BugTraq ID: 99460
http://www.securityfocus.com/bid/99460
http://www.securitytracker.com/id/1038826

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106924
Categoría:	CISCO
Título:	Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability
Resumen:	A vulnerability in the backup and restore functionality of Cisco FireSIGHT; System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system.
Descripción:	Summary: A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. Vulnerability Insight: The vulnerability is due to improper handling of modified backup configuration files. An attacker could exploit this vulnerability by modifying certain components within the backup system files. Vulnerability Impact: An exploit could allow the attacker to run arbitrary code as a root user on the affected appliance. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6735 BugTraq ID: 99460 http://www.securityfocus.com/bid/99460 http://www.securitytracker.com/id/1038826
Copyright	Copyright (C) 2017 Greenbone AG