Kyle Ossinger

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified) **Description** A flaw exists in certain command-line interface (CLI) commands within the software that could allow a local attacker with Administrator privileges to execute Lua code as root. This is due to insufficient input sanitization. An attacker could craft malicious Lua code and submit it as a parameter to a CLI command, potentially leading to arbitrary code execution with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified) **Description** A flaw exists in the sftunnel functionality that may allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system. This is caused by inadequate validation of the directory path during file synchronization. An attacker could exploit this by creating a directory path outside the expected file location, potentially enabling the creation or replacement of any file on the operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure FTD Software (affected versions not specified) **Description** A flaw exists in the Command Line Interface (CLI) of Cisco Secure FTD Software that could allow a local attacker with administrative privileges to execute arbitrary commands on the operating system with root access. This is caused by inadequate validation of user-provided command arguments. An attacker could exploit this by submitting specially crafted input to a specific CLI command. Successful exploitation could lead to the execution of commands with root privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Firewall Management Center (FMC) (affected versions not specified) **Description** A flaw exists in the web-based management interface of Cisco Secure FMC Software that could permit an authenticated, remote attacker to perform SQL injection attacks. This issue stems from insufficient validation of user-supplied input. An attacker could leverage this by transmitting specially crafted requests to a vulnerable device. A successful exploit may grant the attacker complete database access and the ability to read specific files on the underlying operating system. Valid user credentials are required for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Firewall ASA Software and Secure FTD Software (affected versions not specified) **Description** A flaw exists in the SAML 2.0 single sign-on (SSO) feature that could allow a remote, unauthenticated attacker to cause the device to reload unexpectedly, leading to a denial-of-service (DoS) condition. This is due to insufficient error checking when processing SAML messages. An attacker could exploit this by sending crafted SAML messages to the SAML service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco TelePresence CE and RoomOS (affected versions not specified) **Description** A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This issue is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands, potentially allowing them to elevate privileges to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS (affected versions not specified) **Description** The issue is related to insufficient validation of incoming requests, which could allow an attacker to conduct a Server-Side Request Forgery (SSRF) attack. This can be achieved by sending a specially crafted HTTP request. The vulnerability is due to improper validation of user-supplied input, allowing an authenticated, local attacker to bypass access controls. **Recommendations** For Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS, consider restricting access to the web application until a fix is available. As a temporary workaround, consider disabling the functionality that allows user-supplied input to be sent as HTTP requests until a patch is available. Avoid using the affected device for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.