6.7
CVE-2021-34752
- EPSS 0.23%
- Veröffentlicht 15.11.2024 17:15:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Firepower Threat Defense Command Injection Vulnerabilities
A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellercisco
≫
Produkt
firepower_threat_defense_software
Default Statusunknown
Version
0
Version <
6.4.0.13
Status
affected
Version
6.5.0
Version <
6.6.5
Status
affected
Version
6.7.0
Version <
6.7.0.3
Status
affected
Version
7.0.0
Version <
7.0.1
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.46 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.