Vulnerabilities > Cisco > Firepower Threat Defense

DATE CVE VULNERABILITY TITLE RISK
2021-10-27 CVE-2021-34755 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
7.8
2021-10-27 CVE-2021-34756 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
7.8
2021-10-27 CVE-2021-34761 Exposure of Resource to Wrong Sphere vulnerability in Cisco products
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges.
local
low complexity
cisco CWE-668
6.0
2021-10-27 CVE-2021-34762 Path Traversal vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device.
network
low complexity
cisco CWE-22
8.1
2021-10-27 CVE-2021-34763 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack.
network
low complexity
cisco CWE-79
4.8
2021-10-27 CVE-2021-34764 Open Redirect vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack.
network
low complexity
cisco CWE-601
6.1
2021-10-27 CVE-2021-34781 Improper Handling of Exceptional Conditions vulnerability in Cisco products
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.
network
low complexity
cisco CWE-755
7.5
2021-10-27 CVE-2021-34783 Improper Input Validation vulnerability in Cisco products
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.5
2021-10-27 CVE-2021-34787 Improper Handling of Exceptional Conditions vulnerability in Cisco products
A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections.
network
low complexity
cisco CWE-755
5.3
2021-10-27 CVE-2021-34790 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG.
network
low complexity
cisco CWE-20
5.3