Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)


Cisco Unified Computing System CLI Input Validation Flaw Lets Users View and Modify Arbitrary Files on the Target System and Gain Access to Other Devices
Severity Rating: Medium
Systems Affected:
  • Cisco Unified Computing System Manager
  • Cisco Firepower 4100 Series Next-Generation Firewall
  • Cisco Firepower 9300 Security Appliance
A vulnerability has been identified in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance and it could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is caused due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. Successful exploitation of the vulnerability can allow an attacker to read or write arbitrary files at the user’s privilege level outside the expected path and gain access to other devices.
Users are advised to apply updates.
More information about the update is available on:
Vendor Information
CVE Information
Cisco Security Bulletin
Security Tracker
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis