Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability

A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system.

The vulnerability is due to improper handling of modified backup configuration files. An attacker could exploit this vulnerability by modifying certain components within the backup system files. An exploit could allow the attacker to run arbitrary code as a root user on the affected appliance.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT”]