CVE-2015-6370

Name of the Vulnerable Software and Affected Versions Cisco Firepower Extensible Operating System version 1.1(1.160)

Description The issue exists due to the failure to neutralize special elements used in the operating system command. This allows a local attacker to execute arbitrary operating system commands as the root user by entering special command-line parameters. The Management I/O (MIO) component is affected, enabling local users to execute arbitrary OS commands as root via crafted CLI input.

Recommendations For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the MIO component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using crafted CLI input that could lead to the execution of arbitrary OS commands.