Vulnerability Bulletins

Cisco Firepower Management Center Software Command Injection Vulnerabilities


System information

   
Affected software Cisco

Description

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. These vulnerabilities are due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit these vulnerabilities by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-Z3B5MY35?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Management%20Center%20Software%20Command%20Injection%20Vulnerabilities&vs_k=1

Standar resources

Property Value
CVE CVE-2022-20925 and CVE-2022-20926.

Version history

Version Comments Date
1.0 Advisory issued 2022-12-18
Ministerio de Defensa
CNI
CCN
CCN-CERT