Lucene search

CiscoCISCO-SA-20191002-FMC-COM-INJ

HistoryOct 02, 2019 - 4:00 p.m.

Cisco Firepower Management Center Command Injection Vulnerability

2019-10-0216:00:00

tools.cisco.com

152

0.003 Low

EPSS

Percentile

65.5%

JSON

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system.
The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj”]
This advisory is part of the October 2019 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 18 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: October 2019 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-72541”].

Affected configurations

Vulners

Node

ciscofirepower_management_centerMatch5.4

ciscofirepower_management_centerMatch6.0

ciscofirepower_management_centerMatch5.3

ciscofirepower_management_centerMatch6.1

ciscofirepower_management_centerMatch5.2

ciscofirepower_management_centerMatch4.10

ciscofirepower_management_centerMatch2.9

ciscofirepower_management_centerMatchany

ciscofirepower_management_centerMatch5.4.1.3

ciscofirepower_management_centerMatch5.4.1.5

ciscofirepower_management_centerMatch5.4.1.4

ciscofirepower_management_centerMatch5.4.1.2

ciscofirepower_management_centerMatch5.4.1.1

ciscofirepower_management_centerMatch5.4.1

ciscofirepower_management_centerMatch5.4.0

ciscofirepower_management_centerMatch5.4.0.2

ciscofirepower_management_centerMatch5.4.1.6

ciscofirepower_management_centerMatch5.4.1.9

ciscofirepower_management_centerMatchany

ciscofirepower_management_centerMatch6.0.0

ciscofirepower_management_centerMatch6.0.1

ciscofirepower_management_centerMatch6.0.0.1

ciscofirepower_management_centerMatch6.0.0.0

ciscofirepower_management_centerMatch6.0.1.1

ciscofirepower_management_centerMatch6.0.1.3

ciscofirepower_management_centerMatch5.3.0.2

ciscofirepower_management_centerMatch5.3.1.6

ciscofirepower_management_centerMatch5.3.1.5

ciscofirepower_management_centerMatch5.3.1.4

ciscofirepower_management_centerMatch5.3.1.3

ciscofirepower_management_centerMatch5.3.0.3

ciscofirepower_management_centerMatch5.3.0

ciscofirepower_management_centerMatch5.3.1

ciscofirepower_management_centerMatch5.3.0.4

ciscofirepower_management_centerMatch5.3.1.7

ciscofirepower_management_centerMatch6.1.0

ciscofirepower_management_centerMatch6.1.0.2

ciscofirepower_management_centerMatchany

ciscofirepower_management_centerMatch5.2.0

ciscofirepower_management_centerMatchany

ciscofirepower_management_centerMatch4.10.3

ciscofirepower_management_centerMatch4.10.3.9

ciscofirepower_management_centerMatch2.9.0

ciscofirepower_management_centerMatch2.9.7.10

CPENameOperatorVersion
cisco firepower management centereq5.4
cisco firepower management centereq6.0
cisco firepower management centereq5.3
cisco firepower management centereq6.1
cisco firepower management centereq5.2
cisco firepower management centereq4.10
cisco firepower management centereq2.9
cisco firepower management center baseeqany
cisco firepower management centereq5.4.1.3
cisco firepower management centereq5.4.1.5

Name	Operator	Version
cisco firepower management center	eq	5.4
cisco firepower management center	eq	6.0
cisco firepower management center	eq	5.3
cisco firepower management center	eq	6.1
cisco firepower management center	eq	5.2
cisco firepower management center	eq	4.10
cisco firepower management center	eq	2.9
cisco firepower management center base	eq	any
cisco firepower management center	eq	5.4.1.3
cisco firepower management center	eq	5.4.1.5