RCE in Cisco Firepower_extensible_operating_system
CVE-2015-6380
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.004 (63.9th percentile) — read the EPSS interpretation.
Affected products
- Cisco Firepower_extensible_operating_system — versions 1.1\(1.160\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 20151123 Cisco Firepower 9000 Operating System Command Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)