Path Traversal Vulnerability in Cisco Firepower 4100 and 9300 Series Appliances
CVE-2018-0300

7.2HIGH

Key Information:

Vendor

Cisco
Status
Cisco Firepower 4100 Series Next-generation Firewall And Firepower 9300 Security Appliance Unknown
Vendor
CVE Published:
21 June 2018

What is CVE-2018-0300?

A vulnerability exists in the image upload process for Cisco Firepower 4100 Series NGFW and Firepower 9300 appliances. This issue arises from poor validation during uploads, enabling an authenticated remote attacker to employ path traversal techniques to create or overwrite arbitrary files on the impacted systems. The attacker can exploit this vulnerability by crafting a malicious application image and using either the command line interface (CLI) or web-based interface to install it. Notably, this occurs before signature verification, allowing potential execution of arbitrary code with root privileges. If an application image lacks a valid signature, it will cause the upload to fail but does not mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance unknown Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance unknown

References

http://www.securitytracker.com/id/1041169
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.