Brandon Sakai

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Firewall Management Center (FMC) (affected versions not specified) **Description** A flaw in the web interface of Cisco Secure Firewall Management Center (FMC) Software allows an unauthenticated remote attacker to bypass authentication and execute script files to gain root access to the underlying operating system. This issue stems from an improper system process created during boot time. Exploitation occurs by sending crafted HTTP requests to the device. Technical analysis indicates the use of Java Byte-Stream via HTTP POST requests to trigger a deserialization process, where the `readObject()` method initiates a gadget chain involving `LazyMap` and `InvokerTransformer`, ultimately leading to the execution of the `exec()` command with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Firewall Management Center (FMC) Software versions 7.0.7 and 7.7.0 **Description** A vulnerability exists in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to improper handling of user input during the authentication phase. An attacker could exploit this by sending crafted input when authenticating via the configured RADIUS server, potentially gaining high-privilege access. The vulnerability is actively exploited. **Recommendations** Apply the security patch released by Cisco for versions 7.0.7 and 7.7.0. As a temporary workaround, disable RADIUS authentication for the web-based management interface and SSH management until the patch can be applied.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software and Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input in the inter-device communication mechanisms between devices running Cisco Firepower Threat Defense (FTD) Software and devices running Cisco Firepower Management (FMC) Software. An authenticated, local attacker could exploit this by accessing the expert mode of an affected device and submitting specific commands to a connected system, potentially allowing the execution of arbitrary commands with root permissions on the underlying operating system of an affected device. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device, or vice versa. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** A vulnerability in the web management interface could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The issue is due to insufficient validation of user-supplied parameters for certain API endpoints, such as `/api/v1/login`. An attacker could exploit this by sending crafted input to an affected API endpoint, potentially allowing them to execute arbitrary commands on the device with low system privileges. To exploit this, an attacker would need valid credentials for a user with Device permissions, which by default are only held by Administrators, Security Approvers, and Network Admins user accounts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied parameters for certain API endpoints in the web management interface. This could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. The attacker would need valid credentials for a user with Device permissions, which by default are only held by Administrators, Security Approvers, and Network Admins user accounts. **Recommendations** To resolve the issue, update the Cisco Firepower Management Center (FMC) Software to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the affected API endpoints until a patch is available. Restrict access to users with Device permissions to minimize the risk of exploitation. Avoid using the vulnerable API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Cisco FXOS Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This issue is due to improper input validation for specific CLI commands, allowing an attacker to inject operating system commands into a legitimate command and potentially escape the restricted command prompt. To exploit this, an attacker would need valid Administrator credentials. **Recommendations** For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue. For Cisco FXOS Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** The issue is related to insufficient validation of command arguments in the Command Line Interface (CLI) of Cisco Firepower Threat Defense (FTD) Software. This could allow an authenticated, local attacker to execute arbitrary commands with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The issue is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters, such as `username` or `password`. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (affected versions not specified) **Description** A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. **Recommendations** To resolve the issue, update to the latest version of Cisco Firepower Threat Defense as detailed in the advisory. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation. Avoid using the vulnerable CLI commands until the issue is resolved. At the moment, there is no information about specific versions that contain a fix for this vulnerability, so updating to the latest version is crucial.