Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability
Vulnerability Description
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Cisco Firepower Threat Defense 输入验证错误漏洞
Vulnerability Description
Cisco Firepower Threat Defense(FTD)是美国思科(Cisco)公司的一套提供下一代防火墙服务的统一软件。 Cisco Firepower Threat Defense Software 存在输入验证错误漏洞,该漏洞源于对特定 CLI 命令的用户输入的验证不完整。攻击者可以通过对具有管理权限的设备进行身份验证并使用精心设计的用户参数发出 CLI 命令来利用此漏洞。成功的利用可能允许攻击者使用root级权限覆盖或附加任意数据到系统文件。
CVSS Information
N/A
Vulnerability Type
N/A