CVE-2015-6380

An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:firepower_extensible_operating_system:1.1\(1.160\):*:*:*:*:*:*:*

Information

Published : 2015-11-23 20:59

Updated : 2015-11-24 09:01

NVD link : CVE-2015-6380

Mitre link : CVE-2015-6380

JSON object : View

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Products Affected

cisco

firepower_extensible_operating_system

6.5 /10