CVE-2021-1448

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*

History

21 Oct 2022, 19:43

Type Values Removed Values Added
CWE CWE-20 CWE-78

Information

Published : 2021-04-29 18:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-1448

Mitre link : CVE-2021-1448

CVE.ORG link : CVE-2021-1448


JSON object : View

Products Affected

cisco

  • firepower_4125
  • firepower_4140
  • firepower_4112
  • firepower_4115
  • firepower_4145
  • firepower_4150
  • firepower_4110
  • firepower_4120
  • firepower_9300
  • firepower_threat_defense
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20

Improper Input Validation