Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-FTD-CMDINJ-VWY5WQZT
HistoryApr 28, 2021 - 4:00 p.m.

Cisco Firepower Threat Defense Software Command Injection Vulnerability

2021-04-2816:00:00
tools.cisco.com
59
cisco
firepower threat defense
software
command injection
vulnerability
root privileges
multi-instance
cisco advisory

EPSS

0

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode.

This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT”]

This advisory is part of the April 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74594”].

Affected configurations

Vulners
Node
ciscofirepower_threat_defense_softwareMatch6.6
OR
ciscofirepower_threat_defense_softwareMatch6.4
OR
ciscofirepower_2100_firmwareMatchany
OR
ciscofirepower_9000_firmwareMatchany
OR
ciscofirepower_4100_next-generation_firewall_firmwareMatchany
OR
ciscounified_threat_defenseMatchany
OR
ciscofirepower_threat_defense_softwareMatch6.6.0
OR
ciscofirepower_threat_defense_softwareMatch6.4.0.7
OR
ciscofirepower_threat_defense_softwareMatch6.4.0.8
OR
ciscofirepower_threat_defense_softwareMatch6.4.0.9
OR
ciscofirepower_threat_defense_softwareMatch2100_series
OR
ciscofirepower_threat_defense_softwareMatch9000_series
OR
ciscofirepower_threat_defense_softwareMatch4100_series
OR
ciscofirepower_threat_defense_softwareMatchany
OR
ciscofirepower_threat_defense_softwareMatch6.6.0_when_installed_on_cisco_secure_firewall_threat_defense_virtual
OR
ciscofirepower_threat_defense_softwareMatch2100_series
OR
ciscofirepower_threat_defense_softwareMatch4100_series
OR
ciscofirepower_threat_defense_softwareMatch9000_series
OR
ciscofirepower_threat_defense_softwareMatch4100_series
OR
ciscofirepower_threat_defense_softwareMatch2100_series
OR
ciscofirepower_threat_defense_softwareMatch9000_series
OR
ciscofirepower_threat_defense_softwareMatch4100_series
VendorProductVersionCPE
ciscofirepower_threat_defense_software6.6cpe:2.3:a:cisco:firepower_threat_defense_software:6.6:*:*:*:*:*:*:*
ciscofirepower_threat_defense_software6.4cpe:2.3:a:cisco:firepower_threat_defense_software:6.4:*:*:*:*:*:*:*
ciscofirepower_2100_firmwareanycpe:2.3:o:cisco:firepower_2100_firmware:any:*:*:*:*:*:*:*
ciscofirepower_9000_firmwareanycpe:2.3:o:cisco:firepower_9000_firmware:any:*:*:*:*:*:*:*
ciscofirepower_4100_next-generation_firewall_firmwareanycpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:*:*:*:*:*:*:*
ciscounified_threat_defenseanycpe:2.3:a:cisco:unified_threat_defense:any:*:*:*:*:*:*:*
ciscofirepower_threat_defense_software6.6.0cpe:2.3:a:cisco:firepower_threat_defense_software:6.6.0:*:*:*:*:*:*:*
ciscofirepower_threat_defense_software6.4.0.7cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.7:*:*:*:*:*:*:*
ciscofirepower_threat_defense_software6.4.0.8cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.8:*:*:*:*:*:*:*
ciscofirepower_threat_defense_software6.4.0.9cpe:2.3:a:cisco:firepower_threat_defense_software:6.4.0.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 151

Related

cve 1
prion 1
cvelist 1
nessus 1
nvd 1
cve
cve
CVE-2021-1448
2021-04-29 18:15:09
prion
prion
Input validation
2021-04-29 18:15:00
cvelist
cvelist
CVE-2021-1448 Cisco Firepower Threat Defense Software Command Injection Vulnerability
2021-04-29 17:30:33
nessus
nessus
Cisco Firepower Threat Defense Software Command Injection (cisco-sa-ftd-cmdinj-vWY5wqZT)
2021-05-11 00:00:00
nvd
nvd
CVE-2021-1448
2021-04-29 18:15:09

EPSS

0

Percentile

5.2%

JSON
Related for CISCO-SA-FTD-CMDINJ-VWY5WQZT
cve1prion1cvelist1nessus1nvd1