CVE-2022-20934

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Cisco FXOS Software (affected versions not specified)

Description A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This issue is due to improper input validation for specific CLI commands, allowing an attacker to inject operating system commands into a legitimate command and potentially escape the restricted command prompt. To exploit this, an attacker would need valid Administrator credentials.

Recommendations For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue. For Cisco FXOS Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.