CVE-2022-20926

Name of the Vulnerable Software and Affected Versions Cisco Firepower Management Center (FMC) Software (affected versions not specified)

Description A vulnerability in the web management interface could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The issue is due to insufficient validation of user-supplied parameters for certain API endpoints, such as /api/v1/login. An attacker could exploit this by sending crafted input to an affected API endpoint, potentially allowing them to execute arbitrary commands on the device with low system privileges. To exploit this, an attacker would need valid credentials for a user with Device permissions, which by default are only held by Administrators, Security Approvers, and Network Admins user accounts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.