CVE-2019-1709

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense Software (affected versions not specified)

Description The issue exists due to insufficient input validation in the command-line interface of the software, allowing an attacker to perform a command injection attack. This could enable an authenticated, local attacker to execute commands with root privileges by injecting commands into arguments for a specific command.

Recommendations For all affected versions, consider restricting access to the command-line interface to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable command until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.