Description

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS.

Related CPE's

a

cisco

firepower_threat_defense

2

o

cisco

adaptive_security_appliance_software

3

h

cisco

firepower_1010

-

h

cisco

firepower_1120

-

h

cisco

firepower_1140

-

h

cisco

firepower_1150

-

h

cisco

firepower_2110

-

h

cisco

firepower_2120

-

h

cisco

firepower_2130

-

h

cisco

firepower_2140

-

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-cmdinj-TKyQfDcU

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-78

[email protected]

Secondary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-29T18:15:09.273

4 years ago

Last modified

2023-11-07T03:28:25.300

1 year ago