Boletines de Vulnerabilidades

Cisco Firepower Threat Defense Software and Cisco FXOS Software Command Injection Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Threat%20Defense%20Software%20and%20Cisco%20FXOS%20Software%20Command%20Injection%20Vulnerability&vs_k=1

Identificadores estándar
Propiedad Valor
CVE CVE-2022-20934.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2022-12-23

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT