CVE-2015-6369

Name of the Vulnerable Software and Affected Versions Cisco Firepower Extensible Operating System version 1.1(1.160)

Description The issue is related to insufficient input validation in the USB driver, which can be exploited by an attacker with physical access to the device. This can lead to a denial of service via a crafted USB device that triggers invalid USB commands.

Recommendations For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the USB interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the use of USB devices on affected Firepower 9000 devices may help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.