cisco-sa-ftd-file-write-SHVcmQVc: Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability
First published: Wed Oct 27 2021(Updated: )
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-write-SHVcmQVc This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Credit: This vulnerability was found by Brandon Sakai Cisco during internal security testing
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FTD Software | >=6.2.2 and earlier=6.2.3=6.3.0<=6.4.0<6.4.0.13 | 6.4.0.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is cisco-sa-ftd-file-write-SHVcmQVc.
What is the title of the vulnerability?
The title of the vulnerability is Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability.
What is the severity of cisco-sa-ftd-file-write-SHVcmQVc?
The severity of cisco-sa-ftd-file-write-SHVcmQVc is medium with a severity value of 4.
How does the vulnerability work?
The vulnerability allows an authenticated, local attacker with administrative credentials to overwrite or append arbitrary data to system files using root-level privileges.
Which versions of Cisco Firepower Threat Defense Software are affected by this vulnerability?
Versions 6.2.2 and earlier, 6.2.3, 6.3.0, 6.4.0 (up to exclusive), and 6.4.0.13 are affected by this vulnerability.
Is there a Cisco Security Advisory for this vulnerability?
Yes, there is a Cisco Security Advisory for this vulnerability. You can find it at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-write-SHVcmQVc
What is the Common Weakness Enumeration (CWE) for this vulnerability?
The Common Weakness Enumeration (CWE) for this vulnerability is CWE-73.
How can I fix the vulnerability cisco-sa-ftd-file-write-SHVcmQVc?
To fix the vulnerability, you should upgrade to a version of Cisco Firepower Threat Defense Software that is not affected by this vulnerability. Please refer to the Cisco Security Advisory for the recommended remediation steps.
- collector/cisco-recent
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/source
- vendor/cisco
- canonical/cisco ftd software
- version/cisco ftd software/6.2.2 and earlier
- version/cisco ftd software/6.2.3
- version/cisco ftd software/6.3.0
- version/cisco ftd software/6.4.0