Cisco Firepower Device Manager Arbitrary Audit Log Entry Vulnerability
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log.
The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability by entering crafted requests through the web UI. An exploit could allow the attacker to obfuscate the audit log by adding false entries.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2kVG7Jd A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log.
The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability by entering crafted requests through the web UI. An exploit could allow the attacker to obfuscate the audit log by adding false entries.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2kVG7Jd
Security Impact Rating: Medium
CVE: CVE-2017-3822
from Cisco Security Advisory http://ift.tt/2kVG7Jd
The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability by entering crafted requests through the web UI. An exploit could allow the attacker to obfuscate the audit log by adding false entries.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2kVG7Jd A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log.
The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability by entering crafted requests through the web UI. An exploit could allow the attacker to obfuscate the audit log by adding false entries.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2kVG7Jd
Security Impact Rating: Medium
CVE: CVE-2017-3822
from Cisco Security Advisory http://ift.tt/2kVG7Jd