CVE-2022-20934

Published: Nov 15, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.

Affected (156)

Products: Cisco: Firepower Threat Defense, Firepower Extensible Operating System

Cisco

2 products

Firepower Threat Defense

Firepower Extensible Operating System

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Cisco Firepower Threat Defense	From 6.1.0 to 6.1.0.7
Cisco Firepower Threat Defense	From 6.2.0 to 6.2.0.6
Cisco Firepower Threat Defense	From 6.2.2 to 6.2.2.5
Cisco Firepower Threat Defense	From 6.2.3 to 6.2.3.18
Cisco Firepower Threat Defense	From 6.3.0 to 6.3.0.5
Cisco Firepower Threat Defense	From 6.4.0 to 6.4.0.15
Cisco Firepower Threat Defense	From 6.5.0 to 6.5.0.5
Cisco Firepower Threat Defense	From 6.7.0 to 6.7.0.3
Cisco Firepower Threat Defense	From 7.0.0 to 7.0.4
Cisco Firepower Threat Defense	Version 6.2.1
Cisco Firepower Threat Defense	Version 6.6.0.1
Cisco Firepower Threat Defense	Version 6.6.0
Cisco Firepower Threat Defense	Version 6.6.1
Cisco Firepower Threat Defense	Version 6.6.3
Cisco Firepower Threat Defense	Version 6.6.4
Cisco Firepower Threat Defense	Version 6.6.5.1
Cisco Firepower Threat Defense	Version 6.6.5.2
Cisco Firepower Threat Defense	Version 6.6.5
Cisco Firepower Threat Defense	Version 6.6.7
Cisco Firepower Threat Defense	Version 7.1.0.0
Cisco Firepower Threat Defense	Version 7.1.0.1
Cisco Firepower Threat Defense	Version 7.1.0.2
Cisco Firepower Threat Defense	Version 7.2.0.1
Cisco Firepower Threat Defense	Version 7.2.0

Configuration B

132 vulnerable

Vulnerable Software	Affected Versions
Cisco Firepower Extensible Operating System	Version 1.1.1.147
Cisco Firepower Extensible Operating System	Version 1.1.1.160
Cisco Firepower Extensible Operating System	Version 1.1.2.178
Cisco Firepower Extensible Operating System	Version 1.1.2.51
Cisco Firepower Extensible Operating System	Version 1.1.3.84
Cisco Firepower Extensible Operating System	Version 1.1.3.86
Cisco Firepower Extensible Operating System	Version 1.1.3.97
Cisco Firepower Extensible Operating System	Version 1.1.4.117
Cisco Firepower Extensible Operating System	Version 1.1.4.140
Cisco Firepower Extensible Operating System	Version 1.1.4.169
Cisco Firepower Extensible Operating System	Version 1.1.4.175
Cisco Firepower Extensible Operating System	Version 1.1.4.178
Cisco Firepower Extensible Operating System	Version 1.1.4.179
Cisco Firepower Extensible Operating System	Version 1.1.4.95
Cisco Firepower Extensible Operating System	Version 2.0.1.135
Cisco Firepower Extensible Operating System	Version 2.0.1.141
Cisco Firepower Extensible Operating System	Version 2.0.1.144
Cisco Firepower Extensible Operating System	Version 2.0.1.148
Cisco Firepower Extensible Operating System	Version 2.0.1.149
Cisco Firepower Extensible Operating System	Version 2.0.1.153
Cisco Firepower Extensible Operating System	Version 2.0.1.159
Cisco Firepower Extensible Operating System	Version 2.0.1.188
Cisco Firepower Extensible Operating System	Version 2.0.1.201
Cisco Firepower Extensible Operating System	Version 2.0.1.203
Cisco Firepower Extensible Operating System	Version 2.0.1.204
Cisco Firepower Extensible Operating System	Version 2.0.1.206
Cisco Firepower Extensible Operating System	Version 2.0.1.37
Cisco Firepower Extensible Operating System	Version 2.0.1.68
Cisco Firepower Extensible Operating System	Version 2.0.1.86
Cisco Firepower Extensible Operating System	Version 2.1.1.106
Cisco Firepower Extensible Operating System	Version 2.1.1.107
Cisco Firepower Extensible Operating System	Version 2.1.1.113
Cisco Firepower Extensible Operating System	Version 2.1.1.115
Cisco Firepower Extensible Operating System	Version 2.1.1.116
Cisco Firepower Extensible Operating System	Version 2.1.1.64
Cisco Firepower Extensible Operating System	Version 2.1.1.73
Cisco Firepower Extensible Operating System	Version 2.1.1.77
Cisco Firepower Extensible Operating System	Version 2.1.1.83
Cisco Firepower Extensible Operating System	Version 2.1.1.85
Cisco Firepower Extensible Operating System	Version 2.1.1.86
Cisco Firepower Extensible Operating System	Version 2.1.1.97
Cisco Firepower Extensible Operating System	Version 2.10.1.159
Cisco Firepower Extensible Operating System	Version 2.10.1.166
Cisco Firepower Extensible Operating System	Version 2.10.1.179
Cisco Firepower Extensible Operating System	Version 2.11.1.154
Cisco Firepower Extensible Operating System	Version 2.2.1.63
Cisco Firepower Extensible Operating System	Version 2.2.1.66
Cisco Firepower Extensible Operating System	Version 2.2.1.70
Cisco Firepower Extensible Operating System	Version 2.2.2.101
Cisco Firepower Extensible Operating System	Version 2.2.2.137
Cisco Firepower Extensible Operating System	Version 2.2.2.148
Cisco Firepower Extensible Operating System	Version 2.2.2.149
Cisco Firepower Extensible Operating System	Version 2.2.2.17
Cisco Firepower Extensible Operating System	Version 2.2.2.19
Cisco Firepower Extensible Operating System	Version 2.2.2.24
Cisco Firepower Extensible Operating System	Version 2.2.2.26
Cisco Firepower Extensible Operating System	Version 2.2.2.28
Cisco Firepower Extensible Operating System	Version 2.2.2.54
Cisco Firepower Extensible Operating System	Version 2.2.2.60
Cisco Firepower Extensible Operating System	Version 2.2.2.71
Cisco Firepower Extensible Operating System	Version 2.2.2.83
Cisco Firepower Extensible Operating System	Version 2.2.2.86
Cisco Firepower Extensible Operating System	Version 2.2.2.91
Cisco Firepower Extensible Operating System	Version 2.2.2.97
Cisco Firepower Extensible Operating System	Version 2.3.1.110
Cisco Firepower Extensible Operating System	Version 2.3.1.111
Cisco Firepower Extensible Operating System	Version 2.3.1.130
Cisco Firepower Extensible Operating System	Version 2.3.1.144
Cisco Firepower Extensible Operating System	Version 2.3.1.145
Cisco Firepower Extensible Operating System	Version 2.3.1.155
Cisco Firepower Extensible Operating System	Version 2.3.1.166
Cisco Firepower Extensible Operating System	Version 2.3.1.173
Cisco Firepower Extensible Operating System	Version 2.3.1.179
Cisco Firepower Extensible Operating System	Version 2.3.1.180
Cisco Firepower Extensible Operating System	Version 2.3.1.190
Cisco Firepower Extensible Operating System	Version 2.3.1.215
Cisco Firepower Extensible Operating System	Version 2.3.1.216
Cisco Firepower Extensible Operating System	Version 2.3.1.219
Cisco Firepower Extensible Operating System	Version 2.3.1.56
Cisco Firepower Extensible Operating System	Version 2.3.1.58
Cisco Firepower Extensible Operating System	Version 2.3.1.66
Cisco Firepower Extensible Operating System	Version 2.3.1.73
Cisco Firepower Extensible Operating System	Version 2.3.1.75
Cisco Firepower Extensible Operating System	Version 2.3.1.88
Cisco Firepower Extensible Operating System	Version 2.3.1.91
Cisco Firepower Extensible Operating System	Version 2.3.1.93
Cisco Firepower Extensible Operating System	Version 2.3.1.99
Cisco Firepower Extensible Operating System	Version 2.4.1.101
Cisco Firepower Extensible Operating System	Version 2.4.1.214
Cisco Firepower Extensible Operating System	Version 2.4.1.222
Cisco Firepower Extensible Operating System	Version 2.4.1.234
Cisco Firepower Extensible Operating System	Version 2.4.1.238
Cisco Firepower Extensible Operating System	Version 2.4.1.244
Cisco Firepower Extensible Operating System	Version 2.4.1.249
Cisco Firepower Extensible Operating System	Version 2.4.1.252
Cisco Firepower Extensible Operating System	Version 2.4.1.266
Cisco Firepower Extensible Operating System	Version 2.4.1.268
Cisco Firepower Extensible Operating System	Version 2.4.1.273
Cisco Firepower Extensible Operating System	Version 2.6.1.131
Cisco Firepower Extensible Operating System	Version 2.6.1.157
Cisco Firepower Extensible Operating System	Version 2.6.1.166
Cisco Firepower Extensible Operating System	Version 2.6.1.169
Cisco Firepower Extensible Operating System	Version 2.6.1.174
Cisco Firepower Extensible Operating System	Version 2.6.1.187
Cisco Firepower Extensible Operating System	Version 2.6.1.192
Cisco Firepower Extensible Operating System	Version 2.6.1.204
Cisco Firepower Extensible Operating System	Version 2.6.1.214
Cisco Firepower Extensible Operating System	Version 2.6.1.224
Cisco Firepower Extensible Operating System	Version 2.6.1.229
Cisco Firepower Extensible Operating System	Version 2.6.1.230
Cisco Firepower Extensible Operating System	Version 2.6.1.238
Cisco Firepower Extensible Operating System	Version 2.6.1.239
Cisco Firepower Extensible Operating System	Version 2.6.1.254
Cisco Firepower Extensible Operating System	Version 2.7.1.106
Cisco Firepower Extensible Operating System	Version 2.7.1.122
Cisco Firepower Extensible Operating System	Version 2.7.1.131
Cisco Firepower Extensible Operating System	Version 2.7.1.143
Cisco Firepower Extensible Operating System	Version 2.7.1.92
Cisco Firepower Extensible Operating System	Version 2.7.1.98
Cisco Firepower Extensible Operating System	Version 2.8.1.105
Cisco Firepower Extensible Operating System	Version 2.8.1.125
Cisco Firepower Extensible Operating System	Version 2.8.1.139
Cisco Firepower Extensible Operating System	Version 2.8.1.143
Cisco Firepower Extensible Operating System	Version 2.8.1.152
Cisco Firepower Extensible Operating System	Version 2.8.1.162
Cisco Firepower Extensible Operating System	Version 2.8.1.164
Cisco Firepower Extensible Operating System	Version 2.8.1.172
Cisco Firepower Extensible Operating System	Version 2.9.1.131
Cisco Firepower Extensible Operating System	Version 2.9.1.135
Cisco Firepower Extensible Operating System	Version 2.9.1.143
Cisco Firepower Extensible Operating System	Version 2.9.1.150
Cisco Firepower Extensible Operating System	Version 2.9.1.158

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK

Source: psirt@cisco.com

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.