CVE-2021-34764Open Redirect in Cisco Firepower Threat Defense

CWE-601Open RedirectCWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
CNA4.8
EPSS
0.2%
top 58.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Firepower Threat DefenseCisco Firepower Management CenterCisco Firepower Management Center Virtual Appliance+1 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDcisco/firepower_threat_defense6.5.06.6.5+2

🔴Vulnerability Details

2
GHSA
GHSA-29vr-6hw6-5v65: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute2022-05-24
CVEList
Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities2021-10-27

📋Vendor Advisories

1
Cisco
Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities2021-10-27
CVE-2021-34764 — Open Redirect in Cisco | cvebase