CVE-2021-34761 — Vulnetix

CVE-2021-34761 PUBLISHED CVSS 4.400000095367432 MEDIUM

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.

EPSS 0.20% · 41.9th percentile

Risk Scores

CVSS 3.1

4.400000095367432

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.20%

41.9th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Firepower Threat Defense Software	n/a
cisco	firepower_threat_defense	7.0.0, 6.4.0, 6.6.0
cisco	firepower_management_center_virtual_appliance	7.0.0, 7.1.0, 6.2.3
cisco	sourcefire_defense_center	6.7.0, 7.1.0, 6.2.3

Exploit Intelligence

20211027 Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability (circl)

Timeline

Oct 27, 2021 CVE Published
Oct 28, 2021 EPSS Score
Dec 23, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 17, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 9, 2022 EPSS Score
Aug 5, 2022 EPSS Score
Sep 30, 2022 EPSS Score
Nov 25, 2022 EPSS Score
Jan 20, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

20211027 Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34761 advisory

Open in Interactive Console →