Command Injection Vulnerability in Cisco Firepower 9000 Operating System
CVE-2015-6380

Currently unrated

Key Information:

Vendor
Cisco
Status
Firepower Extensible Operating System
Vendor
CVE Published:
24 November 2015

Summary

A significant security flaw exists in the web interface of Cisco Firepower Extensible Operating System 1.1(1.160) utilized by Firepower 9000 devices. This vulnerability permits remote authenticated users to execute arbitrary operating system commands by manipulating crafted parameters. Such an exploit can lead to unauthorized access and control over the device, making it critical for users to ensure that their systems are updated and patched aligned with Cisco’s security advisories.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.