Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software, tracked as CVE-2021-1518, that could be exploited by an attacker to execute arbitrary code on vulnerable devices.
FDM On-Box allows administrators to manage the firewall without a centralized manager like the FMC and provides diagnostics capabilities.
The flaw resides in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software, it is due to lack of proper sanitization of user input on specific REST API commands.
“A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.” states the report.
“This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials.”
The flaw received a CVSS score of 6.3, it was reported by Positive Technologies security researchers Nikita Abramov and Mikhail Klyuchnikov.
An attacker could exploit the vulnerability by sending a special HTTP request to the API subsystem of a device affected by the flaw.
The flaw could be exploited by an attacker having valid user credentials.
The vulnerability impacts FDM On-Box versions 6.3.0, 6.4.0, 6.5.0, 6.6.0, and 6.7.0. Cisco fixed the vulnerability with the release of software versions 6.4.0.12, 6.4.4, and 6.7.0.2.
The good news is that Cisco experts are not aware of attacks in the wild exploiting this vulnerability.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, LockBit 2.0)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.