CVE-2015-6380OS Command Injection in Cisco Firepower Extensible Operating System

CWE-78OS Command Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Firepower Extensible Operating System
Timeline
PublishedNov 24
Latest updateMay 17

Description

An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vq73-vxpx-j3wr: An unspecified script in the web interface in Cisco Firepower Extensible Operating System 12022-05-17
CVEList
CVE-2015-6380: An unspecified script in the web interface in Cisco Firepower Extensible Operating System 12015-11-24

📋Vendor Advisories

1
Cisco
Cisco Firepower 9000 Operating System Command Injection Vulnerability2015-11-23
CVE-2015-6380 — OS Command Injection in Cisco | cvebase