Vulnerabilities > Cisco > Firepower Extensible Operating System

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-20234 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used.
local
low complexity
cisco CWE-732
6.0
2023-02-23 CVE-2023-20015 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands.
local
low complexity
cisco CWE-78
6.7
2022-11-15 CVE-2022-20934 OS Command Injection vulnerability in Cisco Firepower Threat Defense
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands.
local
low complexity
cisco CWE-78
6.7
2022-02-23 CVE-2022-20625 Unspecified vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition.
low complexity
cisco
4.3
2021-09-23 CVE-2021-34714 Improper Input Validation vulnerability in Cisco products
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload.
low complexity
cisco CWE-20
7.4
2021-02-24 CVE-2021-1368 Unspecified vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device.
low complexity
cisco
8.8
2020-10-21 CVE-2020-3459 OS Command Injection vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
7.8
2020-10-21 CVE-2020-3457 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
6.7
2020-10-21 CVE-2020-3456 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 2.4(1.249)
A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device.
network
low complexity
cisco CWE-352
8.8
2020-10-21 CVE-2020-3455 Unspecified vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms.
local
low complexity
cisco
7.8