cisco-sa-nxfp-cmdinj-XXBZjtR: Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability
First published: Wed Feb 22 2023(Updated: )
A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands.This vulnerability is due to
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower 4100 Series | ||
| Cisco Firepower 9300 Security Appliance | ||
| Cisco UCS Fabric Interconnects 6200 Series | ||
| Cisco UCS Fabric Interconnects 6300 Series | ||
| Cisco UCS Fabric Interconnects 6400 Series | ||
| Cisco UCS Fabric Interconnects 6500 Series |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-nxfp-cmdinj-XXBZjtR?
The severity of the vulnerability cisco-sa-nxfp-cmdinj-XXBZjtR is considered high due to its potential for unauthorized command injection by authenticated attackers.
How do I fix cisco-sa-nxfp-cmdinj-XXBZjtR?
To fix cisco-sa-nxfp-cmdinj-XXBZjtR, update your Cisco Firepower or UCS Fabric Interconnects to the latest version provided by Cisco.
What devices are affected by cisco-sa-nxfp-cmdinj-XXBZjtR?
The devices affected by cisco-sa-nxfp-cmdinj-XXBZjtR include Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects.
Can cisco-sa-nxfp-cmdinj-XXBZjtR be exploited remotely?
No, the vulnerability cisco-sa-nxfp-cmdinj-XXBZjtR requires local access for exploitation, as it involves command injection through the CLI.
What are the potential impacts of cisco-sa-nxfp-cmdinj-XXBZjtR?
The potential impacts of cisco-sa-nxfp-cmdinj-XXBZjtR include unauthorized access to system commands and possible compromise of the affected devices.
- collector/cisco-recent
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco firepower 4100 series
- canonical/cisco firepower 9300 security appliance
- canonical/cisco ucs fabric interconnects 6200 series
- canonical/cisco ucs fabric interconnects 6300 series
- canonical/cisco ucs fabric interconnects 6400 series
- canonical/cisco ucs fabric interconnects 6500 series