A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials.
History

Thu, 07 Nov 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-07-22T15:20:46.574984Z

Updated: 2024-11-07T22:05:16.206Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1518

cve-icon Vulnrichment

Updated: 2024-08-03T16:11:17.693Z

cve-icon NVD

Status : Modified

Published: 2021-07-22T16:15:07.897

Modified: 2024-11-21T05:44:31.900

Link: CVE-2021-1518

cve-icon Redhat

No data.