Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability
The vulnerability is due to insufficient sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by using crafted user input to execute commands on the underlying operating system. The user has to be logged in to the device with valid admin credentials.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/1NBWZvu
from Cisco Security Advisory http://ift.tt/1NBWZvu