
Cisco FDM (Firepower Device Management) On-Box

Product
Developers: Cisco Systems
Last Release Date: 2021/08/02
Technology: Information Security - Firewalls, Office Applications

Main article: Firewall

2021: Fixing a Vulnerability That Allows Arbitrary Code to Run on the Operating System

Cisco fixed a vulnerability in the Cisco Firepower Device Manager (FDM) On-Box software that was identified by Positive Technologies experts Nikita Abramov and Mikhail Klyuchnikov. This device manager is used to configure Cisco Firepower NGFW firewalls locally. According to the report of the analytical agency Forrester Research. This was announced on August 2, 2021 by PT.

The vulnerability, CVE-2021-1518, was rated 6.3 on the CVSS 3.1 scale. The problem was found in the REST API of the Cisco FDM On-Box built-in software. The flaw could have allowed an authenticated remote attacker to execute arbitrary code on the operating system of the affected device.

"In order to take advantage of this vulnerability, it was enough for an attacker to have the credentials of a user account with low privileges and send a specially formed HTTP request," said the Positive Technologies experts who discovered this vulnerability. "Technically, the vulnerability is caused by insufficient user input validation for certain REST API commands."

Cisco FDM On-Box versions 6.3.0, 6.4.0, 6.5.0, 6.6.0, and 6.7.0 are vulnerable. Cisco has released software updates that address this vulnerability: 6.4.0.12, 6.4.4, and 6.7.0.2.