CVE-2021-1369

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Device Manager (FDM) On-Box Software (affected versions not specified)

Description: A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information stored on an affected device. This issue is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this by sending malicious requests containing references in XML entities to an affected system, potentially allowing the retrieval of files from the local system and resulting in the disclosure of sensitive information or a partial denial of service (DoS) condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.