RCE in Cisco Firepower_extensible_operating_system

CVE-2015-6370

The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (55.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Firepower_extensible_operating_system — versions 1.1\(1.160\)
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

20151117 Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)