Command Injection Vulnerability in Cisco Firepower Extensible Operating System
CVE-2015-6370

Currently unrated

Key Information:

Vendor
Cisco
Status
Firepower Extensible Operating System
Vendor
CVE Published:
19 November 2015

Summary

The Management I/O (MIO) component in Cisco Firepower Extensible Operating System version 1.1(1.160) allows local users to exploit a command injection vulnerability. By sending specially crafted CLI inputs, an attacker could execute arbitrary operating system commands with root privileges on Firepower 9000 devices, potentially leading to unauthorized system access and control. This vulnerability highlights the need for secure coding practices and stringent access controls.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.