Vulnerabilities > Cisco > Firepower Management Center Virtual Appliance

DATE CVE VULNERABILITY TITLE RISK
2021-10-27 CVE-2021-34755 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
7.8
2021-10-27 CVE-2021-34756 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
7.8
2021-10-27 CVE-2021-34761 Exposure of Resource to Wrong Sphere vulnerability in Cisco products
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges.
local
low complexity
cisco CWE-668
6.0
2021-10-27 CVE-2021-34762 Path Traversal vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device.
network
low complexity
cisco CWE-22
8.1
2021-10-27 CVE-2021-34763 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack.
network
low complexity
cisco CWE-79
4.8
2021-10-27 CVE-2021-34764 Open Redirect vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack.
network
low complexity
cisco CWE-601
6.1
2021-10-27 CVE-2021-34781 Improper Handling of Exceptional Conditions vulnerability in Cisco products
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.
network
low complexity
cisco CWE-755
7.5
2018-06-21 CVE-2018-0365 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8