CVE-2021-1518 (CNNVD-202107-1695)
中文标题:
Cisco Firepower Device Manager 代码注入漏洞
英文标题:
Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability
漏洞描述
中文描述:
Cisco Firepower Device Manager(FDM)是美国思科(Cisco)公司的一款防火墙设备管理器。该产品支持访问规则配置、系统监控等功能。 Cisco Firepower Device Manager 存在代码注入漏洞,经过身份验证的远程攻击者可利用该漏洞在受影响设备的底层操作系统上执行任意代码。
英文描述:
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software | n/a | - | - |
cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:n_a:*:*:*:*:*:*:*
|
| cisco | firepower_device_manager_on-box | * | - | - |
cpe:2.3:a:cisco:firepower_device_manager_on-box:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-1518 |
2025-11-11 15:20:45 | 2025-11-11 07:36:33 |
| NVD | nvd_CVE-2021-1518 |
2025-11-11 14:57:39 | 2025-11-11 07:44:55 |
| CNNVD | cnnvd_CNNVD-202107-1695 |
2025-11-11 15:10:41 | 2025-11-11 07:56:49 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 代码注入
- cnnvd_id: 未提取 -> CNNVD-202107-1695
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']