Path Traversal Vulnerability in Cisco Firepower 4100 and 9300 Series Appliances
CVE-2018-0300

7.2 HIGH

Summary

A vulnerability exists in the image upload process for Cisco Firepower 4100 Series NGFW and Firepower 9300 appliances. It stems from insufficient validation during uploads, which lets an authenticated, remote attacker use path traversal techniques to create or overwrite arbitrary files on an affected system. An attacker could exploit the vulnerability by crafting a malicious application image and installing it through either the command line interface (CLI) or the web-based interface. Notably, the file write occurs before signature verification, allowing potential execution of arbitrary code with root privileges. An application image without a valid signature causes the upload to fail, but that failure does not mitigate the risk.

Affected Version(s)

Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance: unknown

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
