Cisco ASA-X With FirePOWER Services Authenticated Command Injection

This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network, and access the outside network. Also, the SFR virtual machine is running snort on the traffic flowing through the ASA, so the attacker should have access …

asa cisco cisco asa command command injection firepower injection services