QID 317181

Date Published: 2022-05-05

QID 317181: Cisco Firepower Management Center File Upload Security Bypass Vulnerability (cisco-sa-fmc-security-bypass-JhOd29Gg)

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system.

Affected Products
This vulnerability affects Cisco products if they are running a vulnerable release of Cisco FMC Software:
  • Prior to version 6.4.0.15
  • 6.5.0 prior to version 6.6.5.2
  • 6.7.0 prior to version 7.0.2
  • 7.1.0 prior to version 7.1.0.1

QID Detection Logic (Authenticated):
This QID checks the version retrieved via Unix Auth using the "show version" command.

A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as Critical - 9 severity.

Solution
Customers are advised to refer to cisco-sa-fmc-security-bypass-JhOd29Gg for more information.

CVEs related to QID 317181

Software Advisories
Advisory ID: cisco-sa-fmc-security-bypass-JhOd29Gg
Link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg