CVE-2021-34763Open Redirect in Cisco Firepower Threat Defense

CWE-601Open RedirectCWE-79Cross-site Scripting4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 61.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Firepower Threat DefenseCisco Firepower Management CenterCisco Firepower Management Center Virtual Appliance+1 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

NVDcisco/firepower_threat_defense6.5.06.6.5+2

🔴Vulnerability Details

2
GHSA
GHSA-ffgm-hx4g-x33q: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute2022-05-24
CVEList
Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities2021-10-27

📋Vendor Advisories

1
Cisco
Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities2021-10-27
CVE-2021-34763 — Open Redirect in Cisco | cvebase