
Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability

cisco-sa-20151116-fire1 · Medium · Published · Updated

A vulnerability in the Management I/O (MIO) command-line interface (CLI) command execution of Cisco Firepower 9000 devices could allow an authenticated, local attacker to access the underlying operating system and execute commands at the root privilege level.

The vulnerability is due to insufficient sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by using crafted user input to execute commands on the underlying operating system. The user has to be logged in to the device with valid admin credentials.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1


Workarounds

There are no workarounds that mitigate this vulnerability.

CVEs: CVE-2015-6370
Cisco Bug IDs: CSCux10576, CSCux10578
CVSS Score: Base 4.3 (AV:L/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:U/RC:C)
Product Names From Source: Cisco Firepower Extensible Operating System, Firepower Extensible Operating System

Related Products

Product | CVE | Evidence
Firepower Extensible Operating System | CVE-2015-6370 | Cisco OpenVuln
Cisco Firepower Extensible Operating System | CVE-2015-6370 | Cisco OpenVuln