Home Unlabelled Cisco Firepower Device Manager Arbitrary Audit Log Entry Vulnerability

Cisco Firepower Device Manager Arbitrary Audit Log Entry Vulnerability

By
Wednesday, February 01, 2017
Read
Add Comment
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log.

The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability by entering crafted requests through the web UI. An exploit could allow the attacker to obfuscate the audit log by adding false entries.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2kVG7Jd A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log.

The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability by entering crafted requests through the web UI. An exploit could allow the attacker to obfuscate the audit log by adding false entries.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2kVG7Jd
Security Impact Rating: Medium
CVE: CVE-2017-3822

from Cisco Security Advisory http://ift.tt/2kVG7Jd
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us