Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS.

The flaw exists because user-supplied command arguments aren’t sufficiently validated, and affects Firepower 4100 and Firepower 9300 series appliances. No workarounds exist, but software updates to address the vulnerability are already available.