Cisco Unified Computing System CLI Input Validation Flaw Lets Users View and Modify Arbitrary Files on the Target System and Gain Access to Other Devices
Severity Rating: Medium
- Cisco Unified Computing System Manager
- Cisco Firepower 4100 Series Next-Generation Firewall
- Cisco Firepower 9300 Security Appliance
A vulnerability has been identified in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance that could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is caused by insufficient input validation. An attacker could exploit it by injecting crafted command arguments into a vulnerable CLI command. Successful exploitation can allow the attacker to read or write arbitrary files outside the expected path, at the user’s privilege level, and to gain access to other devices.
Users are advised to apply updates.
More information about the update is available on:
Cisco Security Bulletin
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street