CWE
20
Advisory Published

cisco-sa-20200226-fxos-cli-file: Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability

First published: Wed Feb 26 2020(Updated: )

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file

Affected SoftwareAffected VersionHow to fix
Cisco ASA Software>=9.10=9.12<=9.13<9.13.1.7>=9.8<=9.9<9.9.2.66
9.13.1.7
9.9.2.66
Cisco FTD Software>=6.2.2<=6.2.3<6.2.3.16 (Apr 2020)
6.2.3.16 (Apr 2020)
Cisco FXOS Software=2.6<2.6.1.157=2.4<2.4.1.238=2.3<2.3.1.155>=Earlier than 2.2<=2.2<2.2.2.97
2.6.1.157
2.4.1.238
2.3.1.155
2.2.2.97

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the Cisco FXOS Software CLI Arbitrary File Read and Write vulnerability?

    The vulnerability allows an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS) due to insufficient input validation in the CLI of Cisco FXOS Software.

  • Who is affected by the Cisco FXOS Software CLI Arbitrary File Read and Write vulnerability?

    Users of Cisco FXOS Software versions 2.2.2.97 and earlier, 2.3 up to 2.3.1.155, 2.4 up to 2.4.1.238, 2.6 up to 2.6.1.157, Cisco ASA Software versions 9.8 up to 9.9.2.66, 9.10 up to 9.12, and 9.13 up to 9.13.1.7, as well as Cisco FTD Software versions 6.2.2 up to 6.2.3.16 (Apr 2020) are affected.

  • What is the severity of the Cisco FXOS Software CLI Arbitrary File Read and Write vulnerability?

    The vulnerability is rated medium with a severity score of 4.2.

  • How can an attacker exploit the Cisco FXOS Software CLI Arbitrary File Read and Write vulnerability?

    An attacker can exploit the vulnerability by including crafted arguments in CLI commands to read or write arbitrary files on the underlying OS.

  • Is there a remedy for the Cisco FXOS Software CLI Arbitrary File Read and Write vulnerability?

    Yes, Cisco has released software updates to address the vulnerability. Users should upgrade to the specified fixed versions.

  • Where can I find more information about the Cisco FXOS Software CLI Arbitrary File Read and Write vulnerability?

    You can find more information about the vulnerability at the Cisco Security Advisory: [link](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203