CVE-2021-34756 — Improper Input Validation in Cisco Firepower Threat Defense

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection CWE-77 — Command Injection4 documents4 sources

Severity

7.8HIGHNVD

CNA6.7

EPSS

0.1%

top 79.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Cisco Firepower Threat Defense Software Cisco Firepower Management Center Virtual Appliance +1 more

Timeline

PublishedOct 27

Latest updateMay 24

Description

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_softwaren/a

▶NVDcisco/firepower_threat_defense6.4.0 — 6.4.0.13+3

▶NVDcisco/sourcefire_defense_center12 versions+11

▶NVDcisco/firepower_management_center_virtual_appliance12 versions+11

🔴Vulnerability Details

GHSA

GHSA-4m78-5jcj-9hxx: Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary↗2022-05-24

▶

CVEList

Cisco Firepower Threat Defense Software Command Injection Vulnerabilities↗2021-10-27

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software Command Injection Vulnerabilities↗2021-10-27

▶