CVE-2015-6370

Published Nov 19, 2015

Last updated 9 years ago

Overview

Description: The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:1.1\\(1.160\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B9E0CD4-B484-4323-AC1D-A0817F0F8C49"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References