Cisco Secure Firewall ASA and FTD Software Lua Code Injection Vulnerability Allowing Arbitrary Code Execution as Root
Vulnerability
A vulnerability exists in certain CLI commands on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It allows an authenticated, local attacker to inject Lua code that could be executed on the underlying operating system with root privileges. This issue arises because user input is not properly sanitized. An attacker with valid Administrator credentials could exploit this vulnerability by crafting Lua code and submitting it as a parameter for a CLI command, leading to arbitrary code execution as the root user.
Impact
A successful exploit could let the attacker execute unauthorized Lua code on the underlying operating system with the privileges of the root user.
Remediation
Cisco has released software updates to address this vulnerability. For instructions on upgrading Cisco Secure FTD devices, refer to the Cisco Secure FMC upgrade guide. To determine the best release to upgrade to, consult the Cisco Secure Firewall Threat Defense Compatibility Guide.
