CVE-2021-1448Improper Input Validation in Cisco Firepower Threat Defense

CWE-20Improper Input ValidationCWE-78OS Command Injection4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 86.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Firepower Threat DefenseCisco Firepower Threat Defense Software
Timeline
PublishedApr 29
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacke

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/firepower_threat_defense6.4.06.4.0.10+2

🔴Vulnerability Details

2
GHSA
GHSA-9448-xggx-x86q: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands2022-05-24
CVEList
Cisco Firepower Threat Defense Software Command Injection Vulnerability2021-04-29

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense Software Command Injection Vulnerability2021-04-28
CVE-2021-1448 — Improper Input Validation in Cisco | cvebase