PT-2021-7233 · Cisco · Cisco Firepower Management Center
Maxim Suslov · Published 2021-11-02 · Updated 2024-11-26
CVE-2022-20743
| CVSS v2.0 | 9.0 (High) |
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Firepower Management Center (FMC) Software (affected versions not specified)
Description
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This is due to improper validation of files uploaded to the web management interface. An attacker could exploit this by uploading a maliciously crafted file, allowing them to store malicious files on the device and potentially execute arbitrary code on the affected device with root privileges.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Firepower Management Center