CVE-2021-1488 — Vulnetix

CVE-2021-1488 PUBLISHED CVSS 6.699999809265137 MEDIUM

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS.

EPSS 0.07% · 21.6th percentile

Risk Scores

CVSS 3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.07%

21.6th percentile

Affected Products

Vendor	Product	Versions
cisco	firepower_threat_defense	6.5.0, 6.7.0
Cisco	Cisco Adaptive Security Appliance (ASA) Software	n/a
cisco	adaptive_security_appliance_software	9.14, 9.15, 9.13

Exploit Intelligence

20210428 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability (circl)

Timeline

Apr 29, 2021 CVE Published
Apr 30, 2021 EPSS Score
Jul 3, 2021 EPSS Score
Sep 3, 2021 EPSS Score
Nov 5, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Mar 9, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 10, 2022 EPSS Score
Sep 12, 2022 EPSS Score
Nov 14, 2022 EPSS Score
Jan 15, 2023 EPSS Score

References

Open in Interactive Console →