First published: Fri May 03 2019(Updated: )
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Firepower Management Center | =6.3.0 | |
Cisco Firepower Threat Defense | =6.0.0 | |
Cisco Firepower Threat Defense | =6.0.1 | |
Cisco Firepower Threat Defense | =6.1.0 | |
Cisco Firepower Threat Defense | =6.2.0 | |
Cisco Firepower Threat Defense | =6.2.1 | |
Cisco Firepower Threat Defense | =6.2.2 | |
Cisco Firepower Threat Defense | =6.2.3 | |
Cisco Secure Firewall Management Center | =6.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.