CVE-2015-6370 — OS Command Injection in Cisco Firepower Extensible Operating System

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 45.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System

Timeline

PublishedNov 19

Latest updateMay 17

Description

The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/firepower_extensible_operating_system1.1\(1.160\)

🔴Vulnerability Details

GHSA

GHSA-6jgp-6m6r-qrvw: The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1↗2022-05-17

▶

CVEList

CVE-2015-6370: The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1↗2015-11-19

▶

📋Vendor Advisories

Cisco

Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability↗2015-11-17

▶