Cisco Secure Firewall FMC and FTD Software Path Traversal Vulnerability Allowing Arbitrary File Write as Root

A path traversal vulnerability has been identified in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability could enable an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system. The issue arises from inadequate validation of directory paths during file synchronization, allowing attackers to craft paths that escape the intended file location. Exploitation of this vulnerability could result in the creation or replacement of any file on the operating system.

Impact

Successful exploitation allows for arbitrary file writing as root on the underlying operating system, potentially leading to unauthorized modifications or disruptions of system functionality.

Remediation

Cisco has released software updates to address this vulnerability. For instructions on upgrading Cisco Secure FTD devices, refer to the Cisco Secure FMC upgrade guide. To determine the appropriate version to upgrade to, use the Cisco Software Checker tool, which identifies vulnerabilities impacting specific software releases and the earliest fixed release.