Lucene search

[email protected]NVD:CVE-2021-1448

HistoryApr 29, 2021 - 6:15 p.m.

CVE-2021-1448

2021-04-2918:15:09

CWE-20

CWE-78

[email protected]

web.nvd.nist.gov

cisco firepower threat defense

vulnerability

command execution

root privileges

multi-instance mode

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Affected configurations

Nvd

Node

ciscofirepower_threat_defenseRange6.4.0–6.4.0.10

ciscofirepower_threat_defenseRange6.5.0–6.5.0.5

ciscofirepower_threat_defenseRange6.6.0–6.6.1

AND

ciscofirepower_4110Match-

ciscofirepower_4112Match-

ciscofirepower_4115Match-

ciscofirepower_4120Match-

ciscofirepower_4125Match-

ciscofirepower_4140Match-

ciscofirepower_4145Match-

ciscofirepower_4150Match-

ciscofirepower_9300Match-

VendorProductVersionCPE
ciscofirepower_threat_defense*cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
ciscofirepower_4110-cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*
ciscofirepower_4112-cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*
ciscofirepower_4115-cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*
ciscofirepower_4120-cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*
ciscofirepower_4125-cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*
ciscofirepower_4140-cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*
ciscofirepower_4145-cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*
ciscofirepower_4150-cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*
ciscofirepower_9300-cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firepower_threat_defense	*	cpe:2.3:a:cisco:firepower_threat_defense::::::::
cisco	firepower_4110	-	cpe:2.3:h:cisco:firepower_4110:-:::::::*
cisco	firepower_4112	-	cpe:2.3:h:cisco:firepower_4112:-:::::::*
cisco	firepower_4115	-	cpe:2.3:h:cisco:firepower_4115:-:::::::*
cisco	firepower_4120	-	cpe:2.3:h:cisco:firepower_4120:-:::::::*
cisco	firepower_4125	-	cpe:2.3:h:cisco:firepower_4125:-:::::::*
cisco	firepower_4140	-	cpe:2.3:h:cisco:firepower_4140:-:::::::*
cisco	firepower_4145	-	cpe:2.3:h:cisco:firepower_4145:-:::::::*
cisco	firepower_4150	-	cpe:2.3:h:cisco:firepower_4150:-:::::::*
cisco	firepower_9300	-	cpe:2.3:h:cisco:firepower_9300:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.2%

JSON

Related for NVD:CVE-2021-1448

cve1 prion1 cvelist1 cisco1 nessus1