A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Adaptive_security_appliance_software | Cisco | 9.8.1 (including) | 9.8.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.1.5 (including) | 9.8.1.5 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.1.7 (including) | 9.8.1.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2 (including) | 9.8.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.8 (including) | 9.8.2.8 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.14 (including) | 9.8.2.14 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.15 (including) | 9.8.2.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.17 (including) | 9.8.2.17 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.20 (including) | 9.8.2.20 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.24 (including) | 9.8.2.24 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.26 (including) | 9.8.2.26 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.28 (including) | 9.8.2.28 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.33 (including) | 9.8.2.33 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.35 (including) | 9.8.2.35 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.2.38 (including) | 9.8.2.38 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3 (including) | 9.8.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.8 (including) | 9.8.3.8 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.11 (including) | 9.8.3.11 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.14 (including) | 9.8.3.14 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.16 (including) | 9.8.3.16 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.18 (including) | 9.8.3.18 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.21 (including) | 9.8.3.21 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.26 (including) | 9.8.3.26 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.3.29 (including) | 9.8.3.29 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4 (including) | 9.8.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.3 (including) | 9.8.4.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.7 (including) | 9.8.4.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.8 (including) | 9.8.4.8 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.10 (including) | 9.8.4.10 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.12 (including) | 9.8.4.12 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.15 (including) | 9.8.4.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.17 (including) | 9.8.4.17 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.20 (including) | 9.8.4.20 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.22 (including) | 9.8.4.22 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.25 (including) | 9.8.4.25 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.26 (including) | 9.8.4.26 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.29 (including) | 9.8.4.29 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.32 (including) | 9.8.4.32 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.33 (including) | 9.8.4.33 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.34 (including) | 9.8.4.34 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.35 (including) | 9.8.4.35 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.39 (including) | 9.8.4.39 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.40 (including) | 9.8.4.40 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.41 (including) | 9.8.4.41 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.43 (including) | 9.8.4.43 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.44 (including) | 9.8.4.44 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.45 (including) | 9.8.4.45 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.46 (including) | 9.8.4.46 (including) |
Adaptive_security_appliance_software | Cisco | 9.8.4.48 (including) | 9.8.4.48 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.1 (including) | 9.12.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.1.2 (including) | 9.12.1.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.1.3 (including) | 9.12.1.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.2 (including) | 9.12.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.2.1 (including) | 9.12.2.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.2.4 (including) | 9.12.2.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.2.5 (including) | 9.12.2.5 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.2.9 (including) | 9.12.2.9 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.3 (including) | 9.12.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.3.2 (including) | 9.12.3.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.3.7 (including) | 9.12.3.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.3.9 (including) | 9.12.3.9 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.3.12 (including) | 9.12.3.12 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4 (including) | 9.12.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.2 (including) | 9.12.4.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.4 (including) | 9.12.4.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.7 (including) | 9.12.4.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.8 (including) | 9.12.4.8 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.10 (including) | 9.12.4.10 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.13 (including) | 9.12.4.13 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.18 (including) | 9.12.4.18 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.24 (including) | 9.12.4.24 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.26 (including) | 9.12.4.26 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.29 (including) | 9.12.4.29 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.30 (including) | 9.12.4.30 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.35 (including) | 9.12.4.35 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.37 (including) | 9.12.4.37 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.38 (including) | 9.12.4.38 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.39 (including) | 9.12.4.39 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.40 (including) | 9.12.4.40 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.41 (including) | 9.12.4.41 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.47 (including) | 9.12.4.47 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.48 (including) | 9.12.4.48 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.50 (including) | 9.12.4.50 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.52 (including) | 9.12.4.52 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.54 (including) | 9.12.4.54 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.55 (including) | 9.12.4.55 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.56 (including) | 9.12.4.56 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.58 (including) | 9.12.4.58 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.62 (including) | 9.12.4.62 (including) |
Adaptive_security_appliance_software | Cisco | 9.12.4.65 (including) | 9.12.4.65 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.1 (including) | 9.14.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.1.6 (including) | 9.14.1.6 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.1.10 (including) | 9.14.1.10 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.1.15 (including) | 9.14.1.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.1.19 (including) | 9.14.1.19 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.1.30 (including) | 9.14.1.30 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.2 (including) | 9.14.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.2.4 (including) | 9.14.2.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.2.8 (including) | 9.14.2.8 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.2.13 (including) | 9.14.2.13 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.2.15 (including) | 9.14.2.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.3 (including) | 9.14.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.3.1 (including) | 9.14.3.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.3.9 (including) | 9.14.3.9 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.3.11 (including) | 9.14.3.11 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.3.13 (including) | 9.14.3.13 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.3.15 (including) | 9.14.3.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.3.18 (including) | 9.14.3.18 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4 (including) | 9.14.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.6 (including) | 9.14.4.6 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.7 (including) | 9.14.4.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.12 (including) | 9.14.4.12 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.13 (including) | 9.14.4.13 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.14 (including) | 9.14.4.14 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.15 (including) | 9.14.4.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.17 (including) | 9.14.4.17 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.22 (including) | 9.14.4.22 (including) |
Adaptive_security_appliance_software | Cisco | 9.14.4.23 (including) | 9.14.4.23 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1 (including) | 9.15.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1.1 (including) | 9.15.1.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1.7 (including) | 9.15.1.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1.10 (including) | 9.15.1.10 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1.15 (including) | 9.15.1.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1.16 (including) | 9.15.1.16 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1.17 (including) | 9.15.1.17 (including) |
Adaptive_security_appliance_software | Cisco | 9.15.1.21 (including) | 9.15.1.21 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.1 (including) | 9.16.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.1.28 (including) | 9.16.1.28 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.2 (including) | 9.16.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.2.3 (including) | 9.16.2.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.2.7 (including) | 9.16.2.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.2.11 (including) | 9.16.2.11 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.2.13 (including) | 9.16.2.13 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.2.14 (including) | 9.16.2.14 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.3 (including) | 9.16.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.3.3 (including) | 9.16.3.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.3.14 (including) | 9.16.3.14 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.3.15 (including) | 9.16.3.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.3.19 (including) | 9.16.3.19 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.3.23 (including) | 9.16.3.23 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4 (including) | 9.16.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.9 (including) | 9.16.4.9 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.14 (including) | 9.16.4.14 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.18 (including) | 9.16.4.18 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.19 (including) | 9.16.4.19 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.27 (including) | 9.16.4.27 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.38 (including) | 9.16.4.38 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.39 (including) | 9.16.4.39 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.42 (including) | 9.16.4.42 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.48 (including) | 9.16.4.48 (including) |
Adaptive_security_appliance_software | Cisco | 9.16.4.55 (including) | 9.16.4.55 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1 (including) | 9.17.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.7 (including) | 9.17.1.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.9 (including) | 9.17.1.9 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.10 (including) | 9.17.1.10 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.11 (including) | 9.17.1.11 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.13 (including) | 9.17.1.13 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.15 (including) | 9.17.1.15 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.20 (including) | 9.17.1.20 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.30 (including) | 9.17.1.30 (including) |
Adaptive_security_appliance_software | Cisco | 9.17.1.33 (including) | 9.17.1.33 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.1 (including) | 9.18.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.1.3 (including) | 9.18.1.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.2 (including) | 9.18.2 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.2.5 (including) | 9.18.2.5 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.2.7 (including) | 9.18.2.7 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.2.8 (including) | 9.18.2.8 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.3 (including) | 9.18.3 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.3.39 (including) | 9.18.3.39 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.3.46 (including) | 9.18.3.46 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.3.53 (including) | 9.18.3.53 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.3.55 (including) | 9.18.3.55 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.3.56 (including) | 9.18.3.56 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.4 (including) | 9.18.4 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.4.5 (including) | 9.18.4.5 (including) |
Adaptive_security_appliance_software | Cisco | 9.18.4.8 (including) | 9.18.4.8 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1 (including) | 9.19.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1.5 (including) | 9.19.1.5 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1.9 (including) | 9.19.1.9 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1.12 (including) | 9.19.1.12 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1.18 (including) | 9.19.1.18 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1.22 (including) | 9.19.1.22 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1.24 (including) | 9.19.1.24 (including) |
Adaptive_security_appliance_software | Cisco | 9.19.1.27 (including) | 9.19.1.27 (including) |
Adaptive_security_appliance_software | Cisco | 9.20.1 (including) | 9.20.1 (including) |
Adaptive_security_appliance_software | Cisco | 9.20.1.5 (including) | 9.20.1.5 (including) |
Adaptive_security_appliance_software | Cisco | 9.20.2 (including) | 9.20.2 (including) |
This could allow attackers to execute unexpected, dangerous commands directly on the operating system. This weakness can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system, such as in web applications. Alternatively, if the weakness occurs in a privileged program, it could allow the attacker to specify commands that normally would not be accessible, or to call alternate commands with privileges that the attacker does not have. The problem is exacerbated if the compromised process does not follow the principle of least privilege, because the attacker-controlled commands may run with special system privileges that increase the amount of damage. There are at least two subtypes of OS command injection:
From a weakness standpoint, these variants represent distinct programmer errors. In the first variant, the programmer clearly intends that input from untrusted parties will be part of the arguments in the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer probably has not accounted for alternate ways in which malicious attackers can provide input.
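The first variant above, applied to a restore routine, as an added illustration that is not Cisco's code and not part of the original advisory: a name taken from a backup is pasted into a shell command line, next to a hardened form that allowlists the name and passes it as a single argv element. The manifest entries, paths and function names are hypothetical and the sample input is constructed.

```python
import re
import shlex

# Assumed layout for illustration only; not the ASA/FTD backup format.
UNPACK_DIR = "/tmp/unpacked"
RESTORE_DIR = "/var/restore"
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def unsafe_command(entry_name):
    """Weak pattern: backup-controlled text becomes part of a shell string."""
    return f"cp {UNPACK_DIR}/{entry_name} {RESTORE_DIR}/"


def shell_view(cmdline):
    """Tokenize like a POSIX shell, keeping control operators as separate tokens."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def count_commands(cmdline):
    """Simple commands a shell would run, counting separator operators only.
    Substitution forms such as $(...) are not counted here; the allowlist
    in safe_argv() rejects them as well."""
    operators = {";", "&", "&&", "|", "||"}
    return 1 + sum(tok in operators for tok in shell_view(cmdline))


class RejectedEntry(ValueError):
    """Raised when a backup entry name fails the allowlist."""


def safe_argv(entry_name):
    """Hardened pattern: validate first, then build an argv list (no shell)."""
    if not SAFE_NAME.fullmatch(entry_name):
        raise RejectedEntry(f"illegal entry name: {entry_name!r}")
    # "--" ends option parsing so a name can never be read as a cp flag.
    return ["cp", "--", f"{UNPACK_DIR}/{entry_name}", f"{RESTORE_DIR}/"]


def triage(manifest):
    """Map each entry name to its argv list, or to None when it is rejected."""
    result = {}
    for name in manifest:
        try:
            result[name] = safe_argv(name)
        except RejectedEntry:
            result[name] = None
    return result


# Constructed sample manifest: one ordinary entry and two carrying shell syntax.
SAMPLE_MANIFEST = ["startup.cfg", "startup.cfg; echo INJECTED", "$(echo INJECTED).cfg"]

if __name__ == "__main__":
    for name in SAMPLE_MANIFEST:
        print(repr(name), "->", triage([name])[name])
    print(shell_view(unsafe_command(SAMPLE_MANIFEST[1])))
```

The argv list is meant for `subprocess.run(argv, shell=False)`, where no shell ever parses the name; the allowlist still matters because the copy runs with the privileges of the restore process.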