#VU52741 Files or Directories Accessible to External Parties


Published: 2021-04-29

Vulnerability identifier: #VU52741

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-1256

CWE-ID: CWE-552

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware appliances

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to overwrite files on the target system.

The vulnerability exists due to insufficient validation of user input for the file path in a specific CLI command. A local administrator can overwrite arbitrary files on the file system of the affected device.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.4.0


CPE

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB

