CVE-2021-1477 — Vulnetix

CVE-2021-1477 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device.

EPSS 0.14% · 34.7th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.14%

34.7th percentile

Affected Products

Vendor	Product	Versions
cisco	secure_firewall_management_center	0, 6.7.0, 6.5.0
Cisco	Cisco Firepower Management Center	n/a

Exploit Intelligence

20210428 Cisco Firepower Management Center Software Policy Vulnerability (circl)

Timeline

Apr 29, 2021 CVE Published
Apr 30, 2021 EPSS Score
Jul 3, 2021 EPSS Score
Sep 3, 2021 EPSS Score
Nov 5, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Mar 9, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 10, 2022 EPSS Score
Jul 11, 2022 EPSS Score
Sep 12, 2022 EPSS Score
Nov 14, 2022 EPSS Score

References

20210428 Cisco Firepower Management Center Software Policy Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1477 advisory

Open in Interactive Console →