CVE-2015-6370: OS Command Injection
First published: Thu Nov 19 2015(Updated: )
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Extensible Operating System | =1.1\(1.160\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6370?
CVE-2015-6370 has a critical severity rating due to the potential for local users to execute arbitrary commands as root.
How do I fix CVE-2015-6370?
To fix CVE-2015-6370, upgrade your Cisco Firepower Extensible Operating System to a version that addresses this vulnerability.
Who is affected by CVE-2015-6370?
CVE-2015-6370 affects users of Cisco Firepower Extensible Operating System version 1.1(1.160) on Firepower 9000 devices.
What are the consequences of CVE-2015-6370?
The consequences of CVE-2015-6370 include potential unauthorized access and control over the operating system by local users.
When was CVE-2015-6370 disclosed?
CVE-2015-6370 was disclosed on November 16, 2015.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco firepower extensible operating system
- version/cisco firepower extensible operating system/1.1\(1.160\)