CVE-2015-6380

Name of the Vulnerable Software and Affected Versions Cisco Firepower Extensible Operating System version 1.1(1.160)

Description The issue allows remote authenticated users to execute arbitrary OS commands via crafted parameters. This is due to the failure to neutralize special elements used in the OS command. An unspecified script in the web interface is affected, allowing a remote attacker to exploit the issue and execute arbitrary commands using specially formed parameters.

Recommendations For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the web interface until a fix is available. As a temporary workaround, avoid using crafted parameters in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.