Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Title Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability
Name cisco-sa-20180620-firepwr-pt First vendor Publication 2018-06-20
Vendor Cisco Last vendor Modification 2018-06-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the process of uploading new application images to the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device.

The vulnerability is due to insufficient validation during the application image upload process. An attacker could exploit this vulnerability by creating an application image containing malicious code and installing the image on the affected device using the CLI or web-based user interface (web UI). These actions occur prior to signature verification and could allow the attacker to create and execute arbitrary code with root privileges.

Note: A missing or invalid signature in the application image will cause the upload process to fail, but does not prevent the exploit.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepwr-pt ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepwr-pt"]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"].


iQJ5BAEBAgBjBQJbKnqSXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczX4AP/R6akXfmHXrT3dBKMlz1L6a+9gbf 52ZwVn5444vPyHMLa0yIekrQ4pvVf5FxL00QKYpVXqyTqAY3y3ssmUFE4GFjAqt +fxktchRYep21IT8wiOf/cZjH+DRecjKaMZ4YOJAc5Hjxht3G9X9um7S5Rp/+Sx4O d0ffa3nE7pywqtaLqLULgvfiO1GnAICSX05hyfq4wkUcBtA5iarIjRLHUBK/UWHo c8HDvPSoDT5MTbqR9pdj9M7WwZa1MXbcQkGnwBrxgUO9K+Djk3VN95f1tif3882S SFf0C6fcODp+kLT4Q+ijt+uH7DvkxxvYINlHXTWCC2Z/UiE6KdJ8YTw8Gn9tkmk4 yz2A0ZGKc6iz70YcToVuwVVkkw3BNT7FutdBc3U23+K3zjjCvnZgbnwAJ3jINCEy icHE0Np4jOmOQvS4kl6px9ht0k3l4XWEG/1HIRqMO5211HsfBEkbCXofDXzgIbVF nx7uQUdIye6Jk6d94qeiYCVSgN2vRuRSHsQoIAgzZaqYHcAAY/q/e5zeHpbdZT7w 1r8folfZmNCNp5wt9GFGB4sXgl7CNC87UtlByL6+NhTlIYBkPrQwDszpWbKwqHEm p98cvuz0GTRNzwczNZnvdHQ3JvGp3RfE/G/KR7WtE+pDGCwcx6wWjddt8LhF1ZHi /xrotG2ksFy+nBdf =8ZCH END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Os 1

Alert History

If you want to see full details history, please login or register.
Date Informations
2018-08-21 00:21:46
  • Multiple Updates
2018-06-21 17:21:16
  • Multiple Updates
2018-06-20 21:19:20
  • First insertion