Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability

ID CISCO-SA-20151116-FIRE1
Type cisco
Reporter Cisco
Modified 2015-11-17T21:03:14


A vulnerability in the Management I/O (MIO) command-line interface (CLI) command execution of Cisco Firepower 9000 devices could allow an authenticated, local attacker to access the underlying operating system and execute commands at the root privilege level.

The vulnerability is due to insufficient sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by using crafted user input to execute commands on the underlying operating system. The user has to be logged-in to the device with valid admin credentials.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:[""]