Cisco: CISCO-SA-20151116-FIRE1
History: Nov 17, 2015 - 12:00 a.m.

Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability

2015-11-17 00:00:00
tools.cisco.com

CVSS2: 7.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 5.2%

A vulnerability in the Management I/O (MIO) command-line interface (CLI) command execution of Cisco Firepower 9000 devices could allow an authenticated, local attacker to access the underlying operating system and execute commands at the root privilege level.

The vulnerability is due to insufficient sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by using crafted user input to execute commands on the underlying operating system. The user has to be logged in to the device with valid admin credentials.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1

Affected configurations

Node
cisco firepower_extensible_operating_system (match: any)
OR
cisco firepower_extensible_operating_system (match: any)
