Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-3459 (GCVE-0-2020-3459)
Vulnerability from cvelistv5
Published
2020-10-21 18:35
Modified
2024-11-13 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Extensible Operating System (FXOS) |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:17:25.426580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:49:25.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Extensible Operating System (FXOS)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T18:35:59",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
}
],
"source": {
"advisory": "cisco-sa-fxos-cmdinj-b63rwKPm",
"defect": [
[
"CSCvt65399"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-10-21T16:00:00",
"ID": "CVE-2020-3459",
"STATE": "PUBLIC",
"TITLE": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Extensible Operating System (FXOS)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
}
]
},
"source": {
"advisory": "cisco-sa-fxos-cmdinj-b63rwKPm",
"defect": [
[
"CSCvt65399"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3459",
"datePublished": "2020-10-21T18:35:59.759359Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T17:49:25.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-3459\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2020-10-21T19:15:16.543\",\"lastModified\":\"2024-11-21T05:31:06.810\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la CLI de Cisco FXOS Software podr\u00eda permitir a un atacante local autenticado inyectar comandos arbitrarios que son ejecutados con privilegios root.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada de los comandos suministrados por el usuario.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante la autenticaci\u00f3n en un dispositivo y enviar una entrada dise\u00f1ada hacia el comando afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos en el sistema operativo subyacente con privilegios root\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.1.266\",\"matchCriteriaId\":\"AA86E43C-D2E1-43E2-9222-BAD2892506B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6\",\"versionEndExcluding\":\"2.6.1.204\",\"matchCriteriaId\":\"B6DCD71B-89A0-4D38-89F8-DB358145FDA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7\",\"versionEndExcluding\":\"2.7.1.131\",\"matchCriteriaId\":\"C2E8A64D-C8E2-4030-8616-D47741E43E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8\",\"versionEndExcluding\":\"2.8.1.125\",\"matchCriteriaId\":\"5C931A1B-3465-4CD6-A62A-BFA0180A917E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CBC7F5-7767-43B6-9384-BE143FCDBD7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"957D64EB-D60E-4775-B9A8-B21CA48ED3B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A694AD51-9008-4AE6-8240-98B17AB527EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38AE6DC0-2B03-4D36-9856-42530312CC46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71DCEF22-ED20-4330-8502-EC2DD4C9838F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DB2822B-B752-4CD9-A178-934957E306B4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F4868A-6D62-479C-9C19-F9AABDBB6B24\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65378F3A-777C-4AE2-87FB-1E7402F9EA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18048A84-BA0F-48EF-AFFB-635FF7F70C66\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-36:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"317DF3DD-C7CD-4CA2-804F-A738E048BEB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C13CF29B-9308-452B-B7E0-9E818B5A6C1E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-44:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DB527C2-855E-4BB9-BCA7-94BE86100D44\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-44_x_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82C1B05-990D-49D2-B80A-C3EDD4082840\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"421D91C3-8AB3-45E1-9E55-13ED1A4A623E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-56:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D741945-8B0A-408D-A5FE-D5B38DC6D46A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9308CA67-E949-4338-A890-22B3C4428D70\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm\", \"name\": \"20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:37:54.127Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3459\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-13T17:17:25.426580Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T17:19:45.808Z\"}}], \"cna\": {\"title\": \"Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability\", \"source\": {\"defect\": [[\"CSCvt65399\"]], \"advisory\": \"cisco-sa-fxos-cmdinj-b63rwKPm\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Firepower Extensible Operating System (FXOS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2020-10-21T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm\", \"name\": \"20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-10-21T18:35:59\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"6.7\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvt65399\"]], \"advisory\": \"cisco-sa-fxos-cmdinj-b63rwKPm\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco Firepower Extensible Operating System (FXOS)\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm\", \"name\": \"20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-78\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3459\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-10-21T16:00:00\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-3459\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T17:49:25.983Z\", \"dateReserved\": \"2019-12-12T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-10-21T18:35:59.759359Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2020-3459
Vulnerability from fkie_nvd
Published
2020-10-21 19:15
Modified
2024-11-21 05:31
Severity ?
Summary
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA86E43C-D2E1-43E2-9222-BAD2892506B1",
"versionEndExcluding": "2.4.1.266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DCD71B-89A0-4D38-89F8-DB358145FDA0",
"versionEndExcluding": "2.6.1.204",
"versionStartIncluding": "2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E8A64D-C8E2-4030-8616-D47741E43E3A",
"versionEndExcluding": "2.7.1.131",
"versionStartIncluding": "2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C931A1B-3465-4CD6-A62A-BFA0180A917E",
"versionEndExcluding": "2.8.1.125",
"versionStartIncluding": "2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
"matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18048A84-BA0F-48EF-AFFB-635FF7F70C66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-36:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317DF3DD-C7CD-4CA2-804F-A738E048BEB4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13CF29B-9308-452B-B7E0-9E818B5A6C1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-44:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB527C2-855E-4BB9-BCA7-94BE86100D44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-44_x_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E82C1B05-990D-49D2-B80A-C3EDD4082840",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "421D91C3-8AB3-45E1-9E55-13ED1A4A623E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-56:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D741945-8B0A-408D-A5FE-D5B38DC6D46A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9308CA67-E949-4338-A890-22B3C4428D70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI de Cisco FXOS Software podr\u00eda permitir a un atacante local autenticado inyectar comandos arbitrarios que son ejecutados con privilegios root.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada de los comandos suministrados por el usuario.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante la autenticaci\u00f3n en un dispositivo y enviar una entrada dise\u00f1ada hacia el comando afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos en el sistema operativo subyacente con privilegios root"
}
],
"id": "CVE-2020-3459",
"lastModified": "2024-11-21T05:31:06.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-21T19:15:16.543",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2020-61953
Vulnerability from cnvd
Title: Cisco FXOS命令执行漏洞
Description:
Cisco FXOS Software是美国思科(Cisco)公司的一套运行在思科安全设备中的防火墙软件。
Cisco FXOS存在安全漏洞,该漏洞源于用户提供的命令的输入验证不足造成的。攻击者可利用该漏洞可以通过对设备进行身份验证并向受影响的命令提交精心设计的输入来利用此漏洞,在底层操作系统上使用root特权执行命令。
Severity: 高
Patch Name: Cisco FXOS命令执行漏洞的补丁
Patch Description:
Cisco FXOS Software是美国思科(Cisco)公司的一套运行在思科安全设备中的防火墙软件。
Cisco FXOS存在安全漏洞,该漏洞源于用户提供的命令的输入验证不足造成的。攻击者可利用该漏洞可以通过对设备进行身份验证并向受影响的命令提交精心设计的输入来利用此漏洞,在底层操作系统上使用root特权执行命令。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-3459
Impacted products
| Name | Cisco Cisco FXOS |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-3459",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-3459"
}
},
"description": "Cisco FXOS Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fd0\u884c\u5728\u601d\u79d1\u5b89\u5168\u8bbe\u5907\u4e2d\u7684\u9632\u706b\u5899\u8f6f\u4ef6\u3002\n\nCisco FXOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u63d0\u4f9b\u7684\u547d\u4ee4\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8bbe\u5907\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u5411\u53d7\u5f71\u54cd\u7684\u547d\u4ee4\u63d0\u4ea4\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u8f93\u5165\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u5728\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u4f7f\u7528root\u7279\u6743\u6267\u884c\u547d\u4ee4\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-61953",
"openTime": "2020-11-11",
"patchDescription": "Cisco FXOS Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fd0\u884c\u5728\u601d\u79d1\u5b89\u5168\u8bbe\u5907\u4e2d\u7684\u9632\u706b\u5899\u8f6f\u4ef6\u3002\r\n\r\nCisco FXOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u63d0\u4f9b\u7684\u547d\u4ee4\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8bbe\u5907\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u5411\u53d7\u5f71\u54cd\u7684\u547d\u4ee4\u63d0\u4ea4\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u8f93\u5165\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u5728\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u4f7f\u7528root\u7279\u6743\u6267\u884c\u547d\u4ee4\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco FXOS\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Cisco Cisco FXOS"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3459",
"serverity": "\u9ad8",
"submitTime": "2020-10-23",
"title": "Cisco FXOS\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}
cisco-sa-fxos-cmdinj-b63rwkpm
Vulnerability from csaf_cisco
Published
2020-10-21 16:00
Modified
2020-10-21 16:00
Summary
Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability
Notes
Summary
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Vulnerable Products
At the time of publication, this vulnerability affected Cisco FXOS Software when running on the following platforms:
Firepower 4100 Series Appliances
Firepower 9300 Series Appliances
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Firepower 1000 Series Appliances or Firepower 2100 Series Appliances.
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Fixed Releases
At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.
Cisco FXOS Software Cisco FXOS Software Release First Fixed Release for this Vulnerability Earlier than 2.2 Migrate to a fixed release. 2.2 Migrate to a fixed release. 2.3 Migrate to a fixed release. 2.4 2.4.1.266 2.6 2.6.1.204 2.7 2.7.1.131 2.8 2.8.1.125
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
This vulnerability was found during internal security testing.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{
"document": {
"acknowledgments": [
{
"summary": "This vulnerability was found during internal security testing."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.\r\n\r\nThe vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n",
"title": "Summary"
},
{
"category": "general",
"text": "At the time of publication, this vulnerability affected Cisco FXOS Software when running on the following platforms:\r\n\r\nFirepower 4100 Series Appliances\r\nFirepower 9300 Series Appliances\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect Firepower 1000 Series Appliances or Firepower 2100 Series Appliances.",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "There are no workarounds that address this vulnerability.",
"title": "Workarounds"
},
{
"category": "general",
"text": "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Fixed Releases\r\nAt the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.\r\n\r\nThe left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.\r\n Cisco FXOS Software Cisco FXOS Software Release First Fixed Release for this Vulnerability Earlier than 2.2 Migrate to a fixed release. 2.2 Migrate to a fixed release. 2.3 Migrate to a fixed release. 2.4 2.4.1.266 2.6 2.6.1.204 2.7 2.7.1.131 2.8 2.8.1.125",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "This vulnerability was found during internal security testing.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@cisco.com",
"issuing_authority": "Cisco PSIRT",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "considering software upgrades",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
},
{
"category": "external",
"summary": "Cisco\u0026nbsp;Security Advisories page",
"url": "https://www.cisco.com/go/psirt"
}
],
"title": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"tracking": {
"current_release_date": "2020-10-21T16:00:00+00:00",
"generator": {
"date": "2024-05-10T22:55:00+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-fxos-cmdinj-b63rwKPm",
"initial_release_date": "2020-10-21T16:00:00+00:00",
"revision_history": [
{
"date": "2020-10-09T21:26:34+00:00",
"number": "1.0.0",
"summary": "Initial public release."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "service_pack",
"name": "2.2.1.63",
"product": {
"name": "2.2.1.63",
"product_id": "CSAFPID-253492"
}
},
{
"category": "service_pack",
"name": "2.2.1.66",
"product": {
"name": "2.2.1.66",
"product_id": "CSAFPID-253493"
}
},
{
"category": "service_pack",
"name": "2.2.1.70",
"product": {
"name": "2.2.1.70",
"product_id": "CSAFPID-253494"
}
},
{
"category": "service_pack",
"name": "2.2.2.17",
"product": {
"name": "2.2.2.17",
"product_id": "CSAFPID-253495"
}
},
{
"category": "service_pack",
"name": "2.2.2.19",
"product": {
"name": "2.2.2.19",
"product_id": "CSAFPID-253496"
}
},
{
"category": "service_pack",
"name": "2.2.2.24",
"product": {
"name": "2.2.2.24",
"product_id": "CSAFPID-253497"
}
},
{
"category": "service_pack",
"name": "2.2.2.26",
"product": {
"name": "2.2.2.26",
"product_id": "CSAFPID-253498"
}
},
{
"category": "service_pack",
"name": "2.2.2.28",
"product": {
"name": "2.2.2.28",
"product_id": "CSAFPID-253499"
}
},
{
"category": "service_pack",
"name": "2.2.2.54",
"product": {
"name": "2.2.2.54",
"product_id": "CSAFPID-253500"
}
},
{
"category": "service_pack",
"name": "2.2.2.60",
"product": {
"name": "2.2.2.60",
"product_id": "CSAFPID-253501"
}
},
{
"category": "service_pack",
"name": "2.2.2.71",
"product": {
"name": "2.2.2.71",
"product_id": "CSAFPID-253502"
}
},
{
"category": "service_pack",
"name": "2.2.2.83",
"product": {
"name": "2.2.2.83",
"product_id": "CSAFPID-253503"
}
},
{
"category": "service_pack",
"name": "2.2.2.86",
"product": {
"name": "2.2.2.86",
"product_id": "CSAFPID-253504"
}
},
{
"category": "service_pack",
"name": "2.2.2.91",
"product": {
"name": "2.2.2.91",
"product_id": "CSAFPID-273567"
}
},
{
"category": "service_pack",
"name": "2.2.2.97",
"product": {
"name": "2.2.2.97",
"product_id": "CSAFPID-273568"
}
},
{
"category": "service_pack",
"name": "2.2.2.101",
"product": {
"name": "2.2.2.101",
"product_id": "CSAFPID-273569"
}
},
{
"category": "service_pack",
"name": "2.2.2.137",
"product": {
"name": "2.2.2.137",
"product_id": "CSAFPID-280408"
}
}
],
"category": "product_version",
"name": "2.2"
},
{
"branches": [
{
"category": "service_pack",
"name": "2.3.1.99",
"product": {
"name": "2.3.1.99",
"product_id": "CSAFPID-256167"
}
},
{
"category": "service_pack",
"name": "2.3.1.93",
"product": {
"name": "2.3.1.93",
"product_id": "CSAFPID-256168"
}
},
{
"category": "service_pack",
"name": "2.3.1.91",
"product": {
"name": "2.3.1.91",
"product_id": "CSAFPID-256169"
}
},
{
"category": "service_pack",
"name": "2.3.1.88",
"product": {
"name": "2.3.1.88",
"product_id": "CSAFPID-256170"
}
},
{
"category": "service_pack",
"name": "2.3.1.75",
"product": {
"name": "2.3.1.75",
"product_id": "CSAFPID-256171"
}
},
{
"category": "service_pack",
"name": "2.3.1.73",
"product": {
"name": "2.3.1.73",
"product_id": "CSAFPID-256172"
}
},
{
"category": "service_pack",
"name": "2.3.1.66",
"product": {
"name": "2.3.1.66",
"product_id": "CSAFPID-256173"
}
},
{
"category": "service_pack",
"name": "2.3.1.58",
"product": {
"name": "2.3.1.58",
"product_id": "CSAFPID-256174"
}
},
{
"category": "service_pack",
"name": "2.3.1.130",
"product": {
"name": "2.3.1.130",
"product_id": "CSAFPID-256175"
}
},
{
"category": "service_pack",
"name": "2.3.1.111",
"product": {
"name": "2.3.1.111",
"product_id": "CSAFPID-256176"
}
},
{
"category": "service_pack",
"name": "2.3.1.110",
"product": {
"name": "2.3.1.110",
"product_id": "CSAFPID-256177"
}
},
{
"category": "service_pack",
"name": "2.3.1.144",
"product": {
"name": "2.3.1.144",
"product_id": "CSAFPID-271836"
}
},
{
"category": "service_pack",
"name": "2.3.1.145",
"product": {
"name": "2.3.1.145",
"product_id": "CSAFPID-271837"
}
},
{
"category": "service_pack",
"name": "2.3.1.155",
"product": {
"name": "2.3.1.155",
"product_id": "CSAFPID-271838"
}
},
{
"category": "service_pack",
"name": "2.3.1.166",
"product": {
"name": "2.3.1.166",
"product_id": "CSAFPID-271839"
}
},
{
"category": "service_pack",
"name": "2.3.1.173",
"product": {
"name": "2.3.1.173",
"product_id": "CSAFPID-276492"
}
},
{
"category": "service_pack",
"name": "2.3.1.179",
"product": {
"name": "2.3.1.179",
"product_id": "CSAFPID-279079"
}
},
{
"category": "service_pack",
"name": "2.3.1.180",
"product": {
"name": "2.3.1.180",
"product_id": "CSAFPID-279082"
}
},
{
"category": "service_pack",
"name": "2.3.1.56",
"product": {
"name": "2.3.1.56",
"product_id": "CSAFPID-279083"
}
}
],
"category": "product_version",
"name": "2.3"
},
{
"branches": [
{
"category": "service_pack",
"name": "2.6.1.131",
"product": {
"name": "2.6.1.131",
"product_id": "CSAFPID-271847"
}
},
{
"category": "service_pack",
"name": "2.6.1.157",
"product": {
"name": "2.6.1.157",
"product_id": "CSAFPID-271848"
}
},
{
"category": "service_pack",
"name": "2.6.1.166",
"product": {
"name": "2.6.1.166",
"product_id": "CSAFPID-271849"
}
},
{
"category": "service_pack",
"name": "2.6.1.169",
"product": {
"name": "2.6.1.169",
"product_id": "CSAFPID-271850"
}
},
{
"category": "service_pack",
"name": "2.6.1.174",
"product": {
"name": "2.6.1.174",
"product_id": "CSAFPID-271851"
}
},
{
"category": "service_pack",
"name": "2.6.1.187",
"product": {
"name": "2.6.1.187",
"product_id": "CSAFPID-276494"
}
},
{
"category": "service_pack",
"name": "2.6.1.192",
"product": {
"name": "2.6.1.192",
"product_id": "CSAFPID-279102"
}
}
],
"category": "product_version",
"name": "2.6"
},
{
"branches": [
{
"category": "service_pack",
"name": "2.8.1.105",
"product": {
"name": "2.8.1.105",
"product_id": "CSAFPID-279105"
}
}
],
"category": "product_version",
"name": "2.8"
}
],
"category": "product_family",
"name": "Cisco Firepower Extensible Operating System (FXOS)"
},
{
"category": "product_name",
"name": "Cisco Firepower 9000 Series",
"product": {
"name": "Cisco Firepower 9000 Series",
"product_id": "CSAFPID-277440"
}
},
{
"category": "product_name",
"name": "Cisco Firepower 4100 Series",
"product": {
"name": "Cisco Firepower 4100 Series",
"product_id": "CSAFPID-277441"
}
}
],
"category": "vendor",
"name": "Cisco"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.63 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253492:277441"
},
"product_reference": "CSAFPID-253492",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.66 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253493:277440"
},
"product_reference": "CSAFPID-253493",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.66 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253493:277441"
},
"product_reference": "CSAFPID-253493",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.70 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253494:277440"
},
"product_reference": "CSAFPID-253494",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.17 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253495:277440"
},
"product_reference": "CSAFPID-253495",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.19 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253496:277441"
},
"product_reference": "CSAFPID-253496",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.24 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253497:277441"
},
"product_reference": "CSAFPID-253497",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.26 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253498:277440"
},
"product_reference": "CSAFPID-253498",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.26 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253498:277441"
},
"product_reference": "CSAFPID-253498",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.28 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253499:277440"
},
"product_reference": "CSAFPID-253499",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.54 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253500:277440"
},
"product_reference": "CSAFPID-253500",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.54 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253500:277441"
},
"product_reference": "CSAFPID-253500",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.60 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253501:277440"
},
"product_reference": "CSAFPID-253501",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.60 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253501:277441"
},
"product_reference": "CSAFPID-253501",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.71 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253502:277440"
},
"product_reference": "CSAFPID-253502",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.71 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253502:277441"
},
"product_reference": "CSAFPID-253502",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.83 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253503:277440"
},
"product_reference": "CSAFPID-253503",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.83 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253503:277441"
},
"product_reference": "CSAFPID-253503",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.86 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253504:277440"
},
"product_reference": "CSAFPID-253504",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.91 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-273567:277440"
},
"product_reference": "CSAFPID-273567",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.97 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-273568:277440"
},
"product_reference": "CSAFPID-273568",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.101 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-273569:277440"
},
"product_reference": "CSAFPID-273569",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.137 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-280408:277440"
},
"product_reference": "CSAFPID-280408",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.137 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-280408:277441"
},
"product_reference": "CSAFPID-280408",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.99 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256167:277440"
},
"product_reference": "CSAFPID-256167",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.99 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256167:277441"
},
"product_reference": "CSAFPID-256167",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.93 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256168:277440"
},
"product_reference": "CSAFPID-256168",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.91 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256169:277441"
},
"product_reference": "CSAFPID-256169",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.88 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256170:277440"
},
"product_reference": "CSAFPID-256170",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.88 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256170:277441"
},
"product_reference": "CSAFPID-256170",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.75 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256171:277441"
},
"product_reference": "CSAFPID-256171",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.73 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256172:277440"
},
"product_reference": "CSAFPID-256172",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.73 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256172:277441"
},
"product_reference": "CSAFPID-256172",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.66 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256173:277440"
},
"product_reference": "CSAFPID-256173",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.66 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256173:277441"
},
"product_reference": "CSAFPID-256173",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.58 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256174:277440"
},
"product_reference": "CSAFPID-256174",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.130 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256175:277440"
},
"product_reference": "CSAFPID-256175",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.130 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256175:277441"
},
"product_reference": "CSAFPID-256175",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.111 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256176:277440"
},
"product_reference": "CSAFPID-256176",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.111 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256176:277441"
},
"product_reference": "CSAFPID-256176",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.110 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256177:277440"
},
"product_reference": "CSAFPID-256177",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.110 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256177:277441"
},
"product_reference": "CSAFPID-256177",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.144 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271836:277441"
},
"product_reference": "CSAFPID-271836",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.145 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271837:277441"
},
"product_reference": "CSAFPID-271837",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.155 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271838:277440"
},
"product_reference": "CSAFPID-271838",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.166 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271839:277440"
},
"product_reference": "CSAFPID-271839",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.166 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271839:277441"
},
"product_reference": "CSAFPID-271839",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.173 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-276492:277440"
},
"product_reference": "CSAFPID-276492",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.179 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279079:277440"
},
"product_reference": "CSAFPID-279079",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.179 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279079:277441"
},
"product_reference": "CSAFPID-279079",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.180 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279082:277441"
},
"product_reference": "CSAFPID-279082",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.56 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279083:277440"
},
"product_reference": "CSAFPID-279083",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.131 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271847:277440"
},
"product_reference": "CSAFPID-271847",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.131 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271847:277441"
},
"product_reference": "CSAFPID-271847",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.157 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271848:277440"
},
"product_reference": "CSAFPID-271848",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.157 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271848:277441"
},
"product_reference": "CSAFPID-271848",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.166 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271849:277440"
},
"product_reference": "CSAFPID-271849",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.166 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271849:277441"
},
"product_reference": "CSAFPID-271849",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.169 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271850:277440"
},
"product_reference": "CSAFPID-271850",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.169 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271850:277441"
},
"product_reference": "CSAFPID-271850",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.174 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271851:277440"
},
"product_reference": "CSAFPID-271851",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.174 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271851:277441"
},
"product_reference": "CSAFPID-271851",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.187 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-276494:277441"
},
"product_reference": "CSAFPID-276494",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.192 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279102:277440"
},
"product_reference": "CSAFPID-279102",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.192 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279102:277441"
},
"product_reference": "CSAFPID-279102",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.8.1.105 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279105:277440"
},
"product_reference": "CSAFPID-279105",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.8.1.105 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279105:277441"
},
"product_reference": "CSAFPID-279105",
"relates_to_product_reference": "CSAFPID-277441"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3459",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvt65399"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-253492:277441",
"CSAFPID-253493:277440",
"CSAFPID-253493:277441",
"CSAFPID-253494:277440",
"CSAFPID-253495:277440",
"CSAFPID-253496:277441",
"CSAFPID-253497:277441",
"CSAFPID-253498:277440",
"CSAFPID-253498:277441",
"CSAFPID-253499:277440",
"CSAFPID-253500:277440",
"CSAFPID-253500:277441",
"CSAFPID-253501:277440",
"CSAFPID-253501:277441",
"CSAFPID-253502:277440",
"CSAFPID-253502:277441",
"CSAFPID-253503:277440",
"CSAFPID-253503:277441",
"CSAFPID-253504:277440",
"CSAFPID-256167:277440",
"CSAFPID-256167:277441",
"CSAFPID-256168:277440",
"CSAFPID-256169:277441",
"CSAFPID-256170:277440",
"CSAFPID-256170:277441",
"CSAFPID-256171:277441",
"CSAFPID-256172:277440",
"CSAFPID-256172:277441",
"CSAFPID-256173:277440",
"CSAFPID-256173:277441",
"CSAFPID-256174:277440",
"CSAFPID-256175:277440",
"CSAFPID-256175:277441",
"CSAFPID-256176:277440",
"CSAFPID-256176:277441",
"CSAFPID-256177:277440",
"CSAFPID-256177:277441",
"CSAFPID-271836:277441",
"CSAFPID-271837:277441",
"CSAFPID-271838:277440",
"CSAFPID-271839:277440",
"CSAFPID-271839:277441",
"CSAFPID-271847:277440",
"CSAFPID-271847:277441",
"CSAFPID-271848:277440",
"CSAFPID-271848:277441",
"CSAFPID-271849:277440",
"CSAFPID-271849:277441",
"CSAFPID-271850:277440",
"CSAFPID-271850:277441",
"CSAFPID-271851:277440",
"CSAFPID-271851:277441",
"CSAFPID-273567:277440",
"CSAFPID-273568:277440",
"CSAFPID-273569:277440",
"CSAFPID-276492:277440",
"CSAFPID-276494:277441",
"CSAFPID-279079:277440",
"CSAFPID-279079:277441",
"CSAFPID-279082:277441",
"CSAFPID-279083:277440",
"CSAFPID-279102:277440",
"CSAFPID-279102:277441",
"CSAFPID-279105:277440",
"CSAFPID-279105:277441",
"CSAFPID-280408:277440",
"CSAFPID-280408:277441"
]
},
"release_date": "2020-10-21T16:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-253492:277441",
"CSAFPID-253493:277440",
"CSAFPID-253493:277441",
"CSAFPID-253494:277440",
"CSAFPID-253495:277440",
"CSAFPID-253496:277441",
"CSAFPID-253497:277441",
"CSAFPID-253498:277440",
"CSAFPID-253498:277441",
"CSAFPID-253499:277440",
"CSAFPID-253500:277440",
"CSAFPID-253500:277441",
"CSAFPID-253501:277440",
"CSAFPID-253501:277441",
"CSAFPID-253502:277440",
"CSAFPID-253502:277441",
"CSAFPID-253503:277440",
"CSAFPID-253503:277441",
"CSAFPID-253504:277440",
"CSAFPID-256167:277440",
"CSAFPID-256167:277441",
"CSAFPID-256168:277440",
"CSAFPID-256169:277441",
"CSAFPID-256170:277440",
"CSAFPID-256170:277441",
"CSAFPID-256171:277441",
"CSAFPID-256172:277440",
"CSAFPID-256172:277441",
"CSAFPID-256173:277440",
"CSAFPID-256173:277441",
"CSAFPID-256174:277440",
"CSAFPID-256175:277440",
"CSAFPID-256175:277441",
"CSAFPID-256176:277440",
"CSAFPID-256176:277441",
"CSAFPID-256177:277440",
"CSAFPID-256177:277441",
"CSAFPID-271836:277441",
"CSAFPID-271837:277441",
"CSAFPID-271838:277440",
"CSAFPID-271839:277440",
"CSAFPID-271839:277441",
"CSAFPID-271847:277440",
"CSAFPID-271847:277441",
"CSAFPID-271848:277440",
"CSAFPID-271848:277441",
"CSAFPID-271849:277440",
"CSAFPID-271849:277441",
"CSAFPID-271850:277440",
"CSAFPID-271850:277441",
"CSAFPID-271851:277440",
"CSAFPID-271851:277441",
"CSAFPID-273567:277440",
"CSAFPID-273568:277440",
"CSAFPID-273569:277440",
"CSAFPID-276492:277440",
"CSAFPID-276494:277441",
"CSAFPID-279079:277440",
"CSAFPID-279079:277441",
"CSAFPID-279082:277441",
"CSAFPID-279083:277440",
"CSAFPID-279102:277440",
"CSAFPID-279102:277441",
"CSAFPID-279105:277440",
"CSAFPID-279105:277441",
"CSAFPID-280408:277440",
"CSAFPID-280408:277441"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-253492:277441",
"CSAFPID-253493:277440",
"CSAFPID-253493:277441",
"CSAFPID-253494:277440",
"CSAFPID-253495:277440",
"CSAFPID-253496:277441",
"CSAFPID-253497:277441",
"CSAFPID-253498:277440",
"CSAFPID-253498:277441",
"CSAFPID-253499:277440",
"CSAFPID-253500:277440",
"CSAFPID-253500:277441",
"CSAFPID-253501:277440",
"CSAFPID-253501:277441",
"CSAFPID-253502:277440",
"CSAFPID-253502:277441",
"CSAFPID-253503:277440",
"CSAFPID-253503:277441",
"CSAFPID-253504:277440",
"CSAFPID-256167:277440",
"CSAFPID-256167:277441",
"CSAFPID-256168:277440",
"CSAFPID-256169:277441",
"CSAFPID-256170:277440",
"CSAFPID-256170:277441",
"CSAFPID-256171:277441",
"CSAFPID-256172:277440",
"CSAFPID-256172:277441",
"CSAFPID-256173:277440",
"CSAFPID-256173:277441",
"CSAFPID-256174:277440",
"CSAFPID-256175:277440",
"CSAFPID-256175:277441",
"CSAFPID-256176:277440",
"CSAFPID-256176:277441",
"CSAFPID-256177:277440",
"CSAFPID-256177:277441",
"CSAFPID-271836:277441",
"CSAFPID-271837:277441",
"CSAFPID-271838:277440",
"CSAFPID-271839:277440",
"CSAFPID-271839:277441",
"CSAFPID-271847:277440",
"CSAFPID-271847:277441",
"CSAFPID-271848:277440",
"CSAFPID-271848:277441",
"CSAFPID-271849:277440",
"CSAFPID-271849:277441",
"CSAFPID-271850:277440",
"CSAFPID-271850:277441",
"CSAFPID-271851:277440",
"CSAFPID-271851:277441",
"CSAFPID-273567:277440",
"CSAFPID-273568:277440",
"CSAFPID-273569:277440",
"CSAFPID-276492:277440",
"CSAFPID-276494:277441",
"CSAFPID-279079:277440",
"CSAFPID-279079:277441",
"CSAFPID-279082:277441",
"CSAFPID-279083:277440",
"CSAFPID-279102:277440",
"CSAFPID-279102:277441",
"CSAFPID-279105:277440",
"CSAFPID-279105:277441",
"CSAFPID-280408:277440",
"CSAFPID-280408:277441"
]
}
],
"title": "Cisco FXOS Software Command Injection Vulnerability"
}
]
}
cisco-sa-fxos-cmdinj-b63rwKPm
Vulnerability from csaf_cisco
Published
2020-10-21 16:00
Modified
2020-10-21 16:00
Summary
Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability
Notes
Summary
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Vulnerable Products
At the time of publication, this vulnerability affected Cisco FXOS Software when running on the following platforms:
Firepower 4100 Series Appliances
Firepower 9300 Series Appliances
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Firepower 1000 Series Appliances or Firepower 2100 Series Appliances.
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Fixed Releases
At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.
Cisco FXOS Software Cisco FXOS Software Release First Fixed Release for this Vulnerability Earlier than 2.2 Migrate to a fixed release. 2.2 Migrate to a fixed release. 2.3 Migrate to a fixed release. 2.4 2.4.1.266 2.6 2.6.1.204 2.7 2.7.1.131 2.8 2.8.1.125
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
This vulnerability was found during internal security testing.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{
"document": {
"acknowledgments": [
{
"summary": "This vulnerability was found during internal security testing."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.\r\n\r\nThe vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n",
"title": "Summary"
},
{
"category": "general",
"text": "At the time of publication, this vulnerability affected Cisco FXOS Software when running on the following platforms:\r\n\r\nFirepower 4100 Series Appliances\r\nFirepower 9300 Series Appliances\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect Firepower 1000 Series Appliances or Firepower 2100 Series Appliances.",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "There are no workarounds that address this vulnerability.",
"title": "Workarounds"
},
{
"category": "general",
"text": "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Fixed Releases\r\nAt the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.\r\n\r\nThe left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.\r\n Cisco FXOS Software Cisco FXOS Software Release First Fixed Release for this Vulnerability Earlier than 2.2 Migrate to a fixed release. 2.2 Migrate to a fixed release. 2.3 Migrate to a fixed release. 2.4 2.4.1.266 2.6 2.6.1.204 2.7 2.7.1.131 2.8 2.8.1.125",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "This vulnerability was found during internal security testing.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@cisco.com",
"issuing_authority": "Cisco PSIRT",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "considering software upgrades",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
},
{
"category": "external",
"summary": "Cisco\u0026nbsp;Security Advisories page",
"url": "https://www.cisco.com/go/psirt"
}
],
"title": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"tracking": {
"current_release_date": "2020-10-21T16:00:00+00:00",
"generator": {
"date": "2024-05-10T22:55:00+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-fxos-cmdinj-b63rwKPm",
"initial_release_date": "2020-10-21T16:00:00+00:00",
"revision_history": [
{
"date": "2020-10-09T21:26:34+00:00",
"number": "1.0.0",
"summary": "Initial public release."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "service_pack",
"name": "2.2.1.63",
"product": {
"name": "2.2.1.63",
"product_id": "CSAFPID-253492"
}
},
{
"category": "service_pack",
"name": "2.2.1.66",
"product": {
"name": "2.2.1.66",
"product_id": "CSAFPID-253493"
}
},
{
"category": "service_pack",
"name": "2.2.1.70",
"product": {
"name": "2.2.1.70",
"product_id": "CSAFPID-253494"
}
},
{
"category": "service_pack",
"name": "2.2.2.17",
"product": {
"name": "2.2.2.17",
"product_id": "CSAFPID-253495"
}
},
{
"category": "service_pack",
"name": "2.2.2.19",
"product": {
"name": "2.2.2.19",
"product_id": "CSAFPID-253496"
}
},
{
"category": "service_pack",
"name": "2.2.2.24",
"product": {
"name": "2.2.2.24",
"product_id": "CSAFPID-253497"
}
},
{
"category": "service_pack",
"name": "2.2.2.26",
"product": {
"name": "2.2.2.26",
"product_id": "CSAFPID-253498"
}
},
{
"category": "service_pack",
"name": "2.2.2.28",
"product": {
"name": "2.2.2.28",
"product_id": "CSAFPID-253499"
}
},
{
"category": "service_pack",
"name": "2.2.2.54",
"product": {
"name": "2.2.2.54",
"product_id": "CSAFPID-253500"
}
},
{
"category": "service_pack",
"name": "2.2.2.60",
"product": {
"name": "2.2.2.60",
"product_id": "CSAFPID-253501"
}
},
{
"category": "service_pack",
"name": "2.2.2.71",
"product": {
"name": "2.2.2.71",
"product_id": "CSAFPID-253502"
}
},
{
"category": "service_pack",
"name": "2.2.2.83",
"product": {
"name": "2.2.2.83",
"product_id": "CSAFPID-253503"
}
},
{
"category": "service_pack",
"name": "2.2.2.86",
"product": {
"name": "2.2.2.86",
"product_id": "CSAFPID-253504"
}
},
{
"category": "service_pack",
"name": "2.2.2.91",
"product": {
"name": "2.2.2.91",
"product_id": "CSAFPID-273567"
}
},
{
"category": "service_pack",
"name": "2.2.2.97",
"product": {
"name": "2.2.2.97",
"product_id": "CSAFPID-273568"
}
},
{
"category": "service_pack",
"name": "2.2.2.101",
"product": {
"name": "2.2.2.101",
"product_id": "CSAFPID-273569"
}
},
{
"category": "service_pack",
"name": "2.2.2.137",
"product": {
"name": "2.2.2.137",
"product_id": "CSAFPID-280408"
}
}
],
"category": "product_version",
"name": "2.2"
},
{
"branches": [
{
"category": "service_pack",
"name": "2.3.1.99",
"product": {
"name": "2.3.1.99",
"product_id": "CSAFPID-256167"
}
},
{
"category": "service_pack",
"name": "2.3.1.93",
"product": {
"name": "2.3.1.93",
"product_id": "CSAFPID-256168"
}
},
{
"category": "service_pack",
"name": "2.3.1.91",
"product": {
"name": "2.3.1.91",
"product_id": "CSAFPID-256169"
}
},
{
"category": "service_pack",
"name": "2.3.1.88",
"product": {
"name": "2.3.1.88",
"product_id": "CSAFPID-256170"
}
},
{
"category": "service_pack",
"name": "2.3.1.75",
"product": {
"name": "2.3.1.75",
"product_id": "CSAFPID-256171"
}
},
{
"category": "service_pack",
"name": "2.3.1.73",
"product": {
"name": "2.3.1.73",
"product_id": "CSAFPID-256172"
}
},
{
"category": "service_pack",
"name": "2.3.1.66",
"product": {
"name": "2.3.1.66",
"product_id": "CSAFPID-256173"
}
},
{
"category": "service_pack",
"name": "2.3.1.58",
"product": {
"name": "2.3.1.58",
"product_id": "CSAFPID-256174"
}
},
{
"category": "service_pack",
"name": "2.3.1.130",
"product": {
"name": "2.3.1.130",
"product_id": "CSAFPID-256175"
}
},
{
"category": "service_pack",
"name": "2.3.1.111",
"product": {
"name": "2.3.1.111",
"product_id": "CSAFPID-256176"
}
},
{
"category": "service_pack",
"name": "2.3.1.110",
"product": {
"name": "2.3.1.110",
"product_id": "CSAFPID-256177"
}
},
{
"category": "service_pack",
"name": "2.3.1.144",
"product": {
"name": "2.3.1.144",
"product_id": "CSAFPID-271836"
}
},
{
"category": "service_pack",
"name": "2.3.1.145",
"product": {
"name": "2.3.1.145",
"product_id": "CSAFPID-271837"
}
},
{
"category": "service_pack",
"name": "2.3.1.155",
"product": {
"name": "2.3.1.155",
"product_id": "CSAFPID-271838"
}
},
{
"category": "service_pack",
"name": "2.3.1.166",
"product": {
"name": "2.3.1.166",
"product_id": "CSAFPID-271839"
}
},
{
"category": "service_pack",
"name": "2.3.1.173",
"product": {
"name": "2.3.1.173",
"product_id": "CSAFPID-276492"
}
},
{
"category": "service_pack",
"name": "2.3.1.179",
"product": {
"name": "2.3.1.179",
"product_id": "CSAFPID-279079"
}
},
{
"category": "service_pack",
"name": "2.3.1.180",
"product": {
"name": "2.3.1.180",
"product_id": "CSAFPID-279082"
}
},
{
"category": "service_pack",
"name": "2.3.1.56",
"product": {
"name": "2.3.1.56",
"product_id": "CSAFPID-279083"
}
}
],
"category": "product_version",
"name": "2.3"
},
{
"branches": [
{
"category": "service_pack",
"name": "2.6.1.131",
"product": {
"name": "2.6.1.131",
"product_id": "CSAFPID-271847"
}
},
{
"category": "service_pack",
"name": "2.6.1.157",
"product": {
"name": "2.6.1.157",
"product_id": "CSAFPID-271848"
}
},
{
"category": "service_pack",
"name": "2.6.1.166",
"product": {
"name": "2.6.1.166",
"product_id": "CSAFPID-271849"
}
},
{
"category": "service_pack",
"name": "2.6.1.169",
"product": {
"name": "2.6.1.169",
"product_id": "CSAFPID-271850"
}
},
{
"category": "service_pack",
"name": "2.6.1.174",
"product": {
"name": "2.6.1.174",
"product_id": "CSAFPID-271851"
}
},
{
"category": "service_pack",
"name": "2.6.1.187",
"product": {
"name": "2.6.1.187",
"product_id": "CSAFPID-276494"
}
},
{
"category": "service_pack",
"name": "2.6.1.192",
"product": {
"name": "2.6.1.192",
"product_id": "CSAFPID-279102"
}
}
],
"category": "product_version",
"name": "2.6"
},
{
"branches": [
{
"category": "service_pack",
"name": "2.8.1.105",
"product": {
"name": "2.8.1.105",
"product_id": "CSAFPID-279105"
}
}
],
"category": "product_version",
"name": "2.8"
}
],
"category": "product_family",
"name": "Cisco Firepower Extensible Operating System (FXOS)"
},
{
"category": "product_name",
"name": "Cisco Firepower 9000 Series",
"product": {
"name": "Cisco Firepower 9000 Series",
"product_id": "CSAFPID-277440"
}
},
{
"category": "product_name",
"name": "Cisco Firepower 4100 Series",
"product": {
"name": "Cisco Firepower 4100 Series",
"product_id": "CSAFPID-277441"
}
}
],
"category": "vendor",
"name": "Cisco"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.63 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253492:277441"
},
"product_reference": "CSAFPID-253492",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.66 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253493:277440"
},
"product_reference": "CSAFPID-253493",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.66 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253493:277441"
},
"product_reference": "CSAFPID-253493",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.1.70 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253494:277440"
},
"product_reference": "CSAFPID-253494",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.17 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253495:277440"
},
"product_reference": "CSAFPID-253495",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.19 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253496:277441"
},
"product_reference": "CSAFPID-253496",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.24 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253497:277441"
},
"product_reference": "CSAFPID-253497",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.26 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253498:277440"
},
"product_reference": "CSAFPID-253498",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.26 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253498:277441"
},
"product_reference": "CSAFPID-253498",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.28 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253499:277440"
},
"product_reference": "CSAFPID-253499",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.54 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253500:277440"
},
"product_reference": "CSAFPID-253500",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.54 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253500:277441"
},
"product_reference": "CSAFPID-253500",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.60 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253501:277440"
},
"product_reference": "CSAFPID-253501",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.60 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253501:277441"
},
"product_reference": "CSAFPID-253501",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.71 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253502:277440"
},
"product_reference": "CSAFPID-253502",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.71 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253502:277441"
},
"product_reference": "CSAFPID-253502",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.83 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253503:277440"
},
"product_reference": "CSAFPID-253503",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.83 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-253503:277441"
},
"product_reference": "CSAFPID-253503",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.86 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-253504:277440"
},
"product_reference": "CSAFPID-253504",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.91 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-273567:277440"
},
"product_reference": "CSAFPID-273567",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.97 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-273568:277440"
},
"product_reference": "CSAFPID-273568",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.101 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-273569:277440"
},
"product_reference": "CSAFPID-273569",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.137 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-280408:277440"
},
"product_reference": "CSAFPID-280408",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.2.2.137 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-280408:277441"
},
"product_reference": "CSAFPID-280408",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.99 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256167:277440"
},
"product_reference": "CSAFPID-256167",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.99 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256167:277441"
},
"product_reference": "CSAFPID-256167",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.93 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256168:277440"
},
"product_reference": "CSAFPID-256168",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.91 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256169:277441"
},
"product_reference": "CSAFPID-256169",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.88 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256170:277440"
},
"product_reference": "CSAFPID-256170",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.88 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256170:277441"
},
"product_reference": "CSAFPID-256170",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.75 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256171:277441"
},
"product_reference": "CSAFPID-256171",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.73 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256172:277440"
},
"product_reference": "CSAFPID-256172",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.73 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256172:277441"
},
"product_reference": "CSAFPID-256172",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.66 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256173:277440"
},
"product_reference": "CSAFPID-256173",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.66 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256173:277441"
},
"product_reference": "CSAFPID-256173",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.58 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256174:277440"
},
"product_reference": "CSAFPID-256174",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.130 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256175:277440"
},
"product_reference": "CSAFPID-256175",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.130 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256175:277441"
},
"product_reference": "CSAFPID-256175",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.111 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256176:277440"
},
"product_reference": "CSAFPID-256176",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.111 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256176:277441"
},
"product_reference": "CSAFPID-256176",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.110 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-256177:277440"
},
"product_reference": "CSAFPID-256177",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.110 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-256177:277441"
},
"product_reference": "CSAFPID-256177",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.144 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271836:277441"
},
"product_reference": "CSAFPID-271836",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.145 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271837:277441"
},
"product_reference": "CSAFPID-271837",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.155 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271838:277440"
},
"product_reference": "CSAFPID-271838",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.166 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271839:277440"
},
"product_reference": "CSAFPID-271839",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.166 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271839:277441"
},
"product_reference": "CSAFPID-271839",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.173 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-276492:277440"
},
"product_reference": "CSAFPID-276492",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.179 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279079:277440"
},
"product_reference": "CSAFPID-279079",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.179 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279079:277441"
},
"product_reference": "CSAFPID-279079",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.180 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279082:277441"
},
"product_reference": "CSAFPID-279082",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.3.1.56 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279083:277440"
},
"product_reference": "CSAFPID-279083",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.131 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271847:277440"
},
"product_reference": "CSAFPID-271847",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.131 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271847:277441"
},
"product_reference": "CSAFPID-271847",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.157 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271848:277440"
},
"product_reference": "CSAFPID-271848",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.157 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271848:277441"
},
"product_reference": "CSAFPID-271848",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.166 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271849:277440"
},
"product_reference": "CSAFPID-271849",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.166 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271849:277441"
},
"product_reference": "CSAFPID-271849",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.169 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271850:277440"
},
"product_reference": "CSAFPID-271850",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.169 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271850:277441"
},
"product_reference": "CSAFPID-271850",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.174 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-271851:277440"
},
"product_reference": "CSAFPID-271851",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.174 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-271851:277441"
},
"product_reference": "CSAFPID-271851",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.187 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-276494:277441"
},
"product_reference": "CSAFPID-276494",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.192 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279102:277440"
},
"product_reference": "CSAFPID-279102",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.6.1.192 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279102:277441"
},
"product_reference": "CSAFPID-279102",
"relates_to_product_reference": "CSAFPID-277441"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.8.1.105 when installed on Cisco Firepower 9000 Series",
"product_id": "CSAFPID-279105:277440"
},
"product_reference": "CSAFPID-279105",
"relates_to_product_reference": "CSAFPID-277440"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Cisco Firepower Extensible Operating System (FXOS) 2.8.1.105 when installed on Cisco Firepower 4100 Series",
"product_id": "CSAFPID-279105:277441"
},
"product_reference": "CSAFPID-279105",
"relates_to_product_reference": "CSAFPID-277441"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-3459",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvt65399"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-253492:277441",
"CSAFPID-253493:277440",
"CSAFPID-253493:277441",
"CSAFPID-253494:277440",
"CSAFPID-253495:277440",
"CSAFPID-253496:277441",
"CSAFPID-253497:277441",
"CSAFPID-253498:277440",
"CSAFPID-253498:277441",
"CSAFPID-253499:277440",
"CSAFPID-253500:277440",
"CSAFPID-253500:277441",
"CSAFPID-253501:277440",
"CSAFPID-253501:277441",
"CSAFPID-253502:277440",
"CSAFPID-253502:277441",
"CSAFPID-253503:277440",
"CSAFPID-253503:277441",
"CSAFPID-253504:277440",
"CSAFPID-256167:277440",
"CSAFPID-256167:277441",
"CSAFPID-256168:277440",
"CSAFPID-256169:277441",
"CSAFPID-256170:277440",
"CSAFPID-256170:277441",
"CSAFPID-256171:277441",
"CSAFPID-256172:277440",
"CSAFPID-256172:277441",
"CSAFPID-256173:277440",
"CSAFPID-256173:277441",
"CSAFPID-256174:277440",
"CSAFPID-256175:277440",
"CSAFPID-256175:277441",
"CSAFPID-256176:277440",
"CSAFPID-256176:277441",
"CSAFPID-256177:277440",
"CSAFPID-256177:277441",
"CSAFPID-271836:277441",
"CSAFPID-271837:277441",
"CSAFPID-271838:277440",
"CSAFPID-271839:277440",
"CSAFPID-271839:277441",
"CSAFPID-271847:277440",
"CSAFPID-271847:277441",
"CSAFPID-271848:277440",
"CSAFPID-271848:277441",
"CSAFPID-271849:277440",
"CSAFPID-271849:277441",
"CSAFPID-271850:277440",
"CSAFPID-271850:277441",
"CSAFPID-271851:277440",
"CSAFPID-271851:277441",
"CSAFPID-273567:277440",
"CSAFPID-273568:277440",
"CSAFPID-273569:277440",
"CSAFPID-276492:277440",
"CSAFPID-276494:277441",
"CSAFPID-279079:277440",
"CSAFPID-279079:277441",
"CSAFPID-279082:277441",
"CSAFPID-279083:277440",
"CSAFPID-279102:277440",
"CSAFPID-279102:277441",
"CSAFPID-279105:277440",
"CSAFPID-279105:277441",
"CSAFPID-280408:277440",
"CSAFPID-280408:277441"
]
},
"release_date": "2020-10-21T16:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-253492:277441",
"CSAFPID-253493:277440",
"CSAFPID-253493:277441",
"CSAFPID-253494:277440",
"CSAFPID-253495:277440",
"CSAFPID-253496:277441",
"CSAFPID-253497:277441",
"CSAFPID-253498:277440",
"CSAFPID-253498:277441",
"CSAFPID-253499:277440",
"CSAFPID-253500:277440",
"CSAFPID-253500:277441",
"CSAFPID-253501:277440",
"CSAFPID-253501:277441",
"CSAFPID-253502:277440",
"CSAFPID-253502:277441",
"CSAFPID-253503:277440",
"CSAFPID-253503:277441",
"CSAFPID-253504:277440",
"CSAFPID-256167:277440",
"CSAFPID-256167:277441",
"CSAFPID-256168:277440",
"CSAFPID-256169:277441",
"CSAFPID-256170:277440",
"CSAFPID-256170:277441",
"CSAFPID-256171:277441",
"CSAFPID-256172:277440",
"CSAFPID-256172:277441",
"CSAFPID-256173:277440",
"CSAFPID-256173:277441",
"CSAFPID-256174:277440",
"CSAFPID-256175:277440",
"CSAFPID-256175:277441",
"CSAFPID-256176:277440",
"CSAFPID-256176:277441",
"CSAFPID-256177:277440",
"CSAFPID-256177:277441",
"CSAFPID-271836:277441",
"CSAFPID-271837:277441",
"CSAFPID-271838:277440",
"CSAFPID-271839:277440",
"CSAFPID-271839:277441",
"CSAFPID-271847:277440",
"CSAFPID-271847:277441",
"CSAFPID-271848:277440",
"CSAFPID-271848:277441",
"CSAFPID-271849:277440",
"CSAFPID-271849:277441",
"CSAFPID-271850:277440",
"CSAFPID-271850:277441",
"CSAFPID-271851:277440",
"CSAFPID-271851:277441",
"CSAFPID-273567:277440",
"CSAFPID-273568:277440",
"CSAFPID-273569:277440",
"CSAFPID-276492:277440",
"CSAFPID-276494:277441",
"CSAFPID-279079:277440",
"CSAFPID-279079:277441",
"CSAFPID-279082:277441",
"CSAFPID-279083:277440",
"CSAFPID-279102:277440",
"CSAFPID-279102:277441",
"CSAFPID-279105:277440",
"CSAFPID-279105:277441",
"CSAFPID-280408:277440",
"CSAFPID-280408:277441"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-253492:277441",
"CSAFPID-253493:277440",
"CSAFPID-253493:277441",
"CSAFPID-253494:277440",
"CSAFPID-253495:277440",
"CSAFPID-253496:277441",
"CSAFPID-253497:277441",
"CSAFPID-253498:277440",
"CSAFPID-253498:277441",
"CSAFPID-253499:277440",
"CSAFPID-253500:277440",
"CSAFPID-253500:277441",
"CSAFPID-253501:277440",
"CSAFPID-253501:277441",
"CSAFPID-253502:277440",
"CSAFPID-253502:277441",
"CSAFPID-253503:277440",
"CSAFPID-253503:277441",
"CSAFPID-253504:277440",
"CSAFPID-256167:277440",
"CSAFPID-256167:277441",
"CSAFPID-256168:277440",
"CSAFPID-256169:277441",
"CSAFPID-256170:277440",
"CSAFPID-256170:277441",
"CSAFPID-256171:277441",
"CSAFPID-256172:277440",
"CSAFPID-256172:277441",
"CSAFPID-256173:277440",
"CSAFPID-256173:277441",
"CSAFPID-256174:277440",
"CSAFPID-256175:277440",
"CSAFPID-256175:277441",
"CSAFPID-256176:277440",
"CSAFPID-256176:277441",
"CSAFPID-256177:277440",
"CSAFPID-256177:277441",
"CSAFPID-271836:277441",
"CSAFPID-271837:277441",
"CSAFPID-271838:277440",
"CSAFPID-271839:277440",
"CSAFPID-271839:277441",
"CSAFPID-271847:277440",
"CSAFPID-271847:277441",
"CSAFPID-271848:277440",
"CSAFPID-271848:277441",
"CSAFPID-271849:277440",
"CSAFPID-271849:277441",
"CSAFPID-271850:277440",
"CSAFPID-271850:277441",
"CSAFPID-271851:277440",
"CSAFPID-271851:277441",
"CSAFPID-273567:277440",
"CSAFPID-273568:277440",
"CSAFPID-273569:277440",
"CSAFPID-276492:277440",
"CSAFPID-276494:277441",
"CSAFPID-279079:277440",
"CSAFPID-279079:277441",
"CSAFPID-279082:277441",
"CSAFPID-279083:277440",
"CSAFPID-279102:277440",
"CSAFPID-279102:277441",
"CSAFPID-279105:277440",
"CSAFPID-279105:277441",
"CSAFPID-280408:277440",
"CSAFPID-280408:277441"
]
}
],
"title": "Cisco FXOS Software Command Injection Vulnerability"
}
]
}
gsd-2020-3459
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-3459",
"description": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.",
"id": "GSD-2020-3459"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-3459"
],
"details": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.",
"id": "GSD-2020-3459",
"modified": "2023-12-13T01:22:09.680614Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-10-21T16:00:00",
"ID": "CVE-2020-3459",
"STATE": "PUBLIC",
"TITLE": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Extensible Operating System (FXOS) ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
}
]
},
"source": {
"advisory": "cisco-sa-fxos-cmdinj-b63rwKPm",
"defect": [
[
"CSCvt65399"
]
],
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.1.266",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.1.204",
"versionStartIncluding": "2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.1.131",
"versionStartIncluding": "2.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.1.125",
"versionStartIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-36:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-44:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-44_x_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-56:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2020-3459"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability",
"refsource": "CISCO",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-10-30T14:02Z",
"publishedDate": "2020-10-21T19:15Z"
}
}
}
ghsa-8qgh-2x39-7mw4
Vulnerability from github
Published
2022-05-24 17:31
Modified
2022-05-24 17:31
VLAI Severity ?
Details
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
{
"affected": [],
"aliases": [
"CVE-2020-3459"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-21T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.",
"id": "GHSA-8qgh-2x39-7mw4",
"modified": "2022-05-24T17:31:46Z",
"published": "2022-05-24T17:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3459"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…