CVE-2018-0453

Name of the Vulnerable Software and Affected Versions Cisco Firepower System Software (affected versions not specified)

Description A vulnerability exists in the Sourcefire tunnel control channel protocol, allowing an authenticated, local attacker with root privileges to execute specific CLI commands on the Cisco Firepower Management Center (FMC) or other Firepower sensors and devices controlled by the same FMC. The issue arises from insufficient checks for certain CLI commands executed via a Sourcefire tunnel connection. An attacker could exploit this by authenticating with root privileges to a Firepower sensor or Cisco FMC and sending specific CLI commands, potentially modifying device configurations or deleting files on the device running Cisco FMC Software or on any Firepower device managed by Cisco FMC.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.