Cisco Secure Firewall FMC and FTD Software Command Injection Vulnerability Allowing Arbitrary Command Execution as Root

Vulnerability

A command injection vulnerability has been identified in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It allows an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root privileges. The issue arises from improper input validation in certain CLI commands, which lets an attacker inject operating system commands into legitimate ones. Successful exploitation could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the operating system. Exploitation requires valid Administrator credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the underlying operating system with root privileges.

Remediation

Cisco has released software updates to address this vulnerability. For instructions on upgrading Cisco Secure FTD devices, refer to the Cisco Secure FMC upgrade guide. Customers can also use the Cisco Software Checker tool to determine their exposure to vulnerabilities in Cisco Secure Firewall products and find the earliest release that fixes them.

Added: Aug 14, 2025, 6:23 PM
Updated: Aug 14, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 3.0
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.