A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).
The vulnerability results from insufficient validation of input data in specific HTTP requests directed to the management interface. An attacker, after authenticating in the web interface, sends a crafted HTTP request to the vulnerable device. The command injection mechanism allows injection and execution of arbitrary system commands. The scope of the attack extends beyond the FMC server itself — it is also possible to execute commands on managed Cisco Firepower Threat Defense (FTD) devices.
An attacker can gain full control of the Cisco FMC device operating system with root privileges, and also execute commands on connected Cisco FTD devices. This results in complete compromise of the firewall infrastructure, including the ability to read and modify network security configurations.
Apply patches available from the vendor according to references: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7. It is also recommended to restrict access to the FMC web interface exclusively to trusted IP addresses and to review assigned user roles, including accounts with the Security Analyst (Read Only) role.
Cisco Secure Firewall Management Center (FMC) Software (formerly Firepower Management Center Software) — specific versions indicated in vendor references.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HCisco Secure Firewall Management Center
APPCisco6.2.36.2.3.16.2.3.106.2.3.116.2.3.126.2.3.136.2.3.146.2.3.156.2.3.166.2.3.176.2.3.186.2.3.26.2.3.36.2.3.46.2.3.5+ 77 więcej
Related vulnerabilities
RCE przez insecure deserialization w Cisco Secure Firewall Management Center
RCE przez RADIUS w Cisco Secure Firewall Management Center
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow ...
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow a...
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent So...