PT-2018-8737 · Cisco · Cisco Fxos+2

Published: 2018-06-21 · Updated: 2019-10-09 · CVE-2018-0300

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance (affected versions not specified)
Description: A vulnerability in the Cisco FXOS application image upload process could allow an authenticated, remote attacker to create or overwrite arbitrary files on an affected device using path traversal techniques. The issue is due to insufficient validation during the upload process. An attacker could exploit this by creating an application image with malicious code and installing it on the device, potentially allowing the execution of arbitrary code with root privileges. This exploit occurs before signature verification, and a missing or invalid signature in the image will cause the upload to fail but does not prevent the exploit.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-0300

Affected Products

Cisco Fxos
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Firepower 9300 Security Appliance