CVE-2026-20018— Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability

Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability

A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system. This vulnerability is due to insufficient validation of the directory path during file synchronization. An attacker could exploit this vulnerability by crafting a directory path outside of the expected file location. A successful exploit could allow the attacker to create or replace any file on the underlying operating system.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

路径遍历：’dir/../../filename’

Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 安全漏洞

Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense都是美国思科（Cisco）公司的产品。Cisco Secure Firewall Management Center是一个强大的网络安全管理工具。Cisco Secure Firewall Threat Defense是一个集成式防火墙平台。 Cisco Secure Firewall Management Center和Cisco Secure Fire

N/A

N/A