Vulnerability-Lookup

CVE-2021-34756 (GCVE-0-2021-34756)

Vulnerability from cvelistv5 – Published: 2021-10-27 18:55 – Updated: 2024-11-07 21:44

Title

Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Summary

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Firepower Threat Defense Software	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:48.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:42:47.721605Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:44:36.768Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T18:55:24.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-cmdinject-FmzsLN8",
        "defect": [
          [
            "CSCvx86283",
            "CSCvy16559",
            "CSCvy16573",
            "CSCvy19225"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Firepower Threat Defense Software Command Injection Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-10-27T16:00:00",
          "ID": "CVE-2021-34756",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Firepower Threat Defense Software Command Injection Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower Threat Defense Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.8",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ftd-cmdinject-FmzsLN8",
          "defect": [
            [
              "CSCvx86283",
              "CSCvy16559",
              "CSCvy16573",
              "CSCvy19225"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-34756",
    "datePublished": "2021-10-27T18:55:25.058Z",
    "dateReserved": "2021-06-15T00:00:00.000Z",
    "dateUpdated": "2024-11-07T21:44:36.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8\", \"name\": \"20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T00:19:48.202Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-34756\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T21:42:47.721605Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T21:43:14.391Z\"}}], \"cna\": {\"title\": \"Cisco Firepower Threat Defense Software Command Injection Vulnerabilities\", \"source\": {\"defect\": [[\"CSCvx86283\", \"CSCvy16559\", \"CSCvy16573\", \"CSCvy19225\"]], \"advisory\": \"cisco-sa-ftd-cmdinject-FmzsLN8\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Firepower Threat Defense Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2021-10-27T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8\", \"name\": \"20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2021-10-27T18:55:24.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.8\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvx86283\", \"CSCvy16559\", \"CSCvy16573\", \"CSCvy19225\"]], \"advisory\": \"cisco-sa-ftd-cmdinject-FmzsLN8\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco Firepower Threat Defense Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8\", \"name\": \"20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-34756\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Firepower Threat Defense Software Command Injection Vulnerabilities\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2021-10-27T16:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-34756\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-07T21:44:36.768Z\", \"dateReserved\": \"2021-06-15T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2021-10-27T18:55:25.058Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2021-34756

Vulnerability from fkie_nvd - Published: 2021-10-27 19:15 - Updated: 2024-11-21 06:11

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	firepower_management_center_virtual_appliance	6.1.0
cisco	firepower_management_center_virtual_appliance	6.2.0
cisco	firepower_management_center_virtual_appliance	6.2.3
cisco	firepower_management_center_virtual_appliance	6.3.0
cisco	firepower_management_center_virtual_appliance	6.4.0
cisco	firepower_management_center_virtual_appliance	6.4.0.11
cisco	firepower_management_center_virtual_appliance	6.5.0
cisco	firepower_management_center_virtual_appliance	6.6.0
cisco	firepower_management_center_virtual_appliance	6.6.1
cisco	firepower_management_center_virtual_appliance	6.7.0
cisco	firepower_management_center_virtual_appliance	7.0.0
cisco	firepower_management_center_virtual_appliance	7.1.0
cisco	firepower_threat_defense	*
cisco	firepower_threat_defense	*
cisco	firepower_threat_defense	*
cisco	firepower_threat_defense	*
cisco	sourcefire_defense_center	6.1.0
cisco	sourcefire_defense_center	6.2.0
cisco	sourcefire_defense_center	6.2.3
cisco	sourcefire_defense_center	6.3.0
cisco	sourcefire_defense_center	6.4.0
cisco	sourcefire_defense_center	6.4.0.11
cisco	sourcefire_defense_center	6.5.0
cisco	sourcefire_defense_center	6.6.0
cisco	sourcefire_defense_center	6.6.1
cisco	sourcefire_defense_center	6.7.0
cisco	sourcefire_defense_center	7.0.0
cisco	sourcefire_defense_center	7.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A08538C5-6957-42B4-894B-1AF04FC904A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFAA87-6DB1-419B-A2F4-F1FB3A7B8A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75D9CB4-406B-4FBF-BC7A-35C2CCEFD8B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C16F3BD-2ACD-44A0-9033-13CB59A50FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C0FC62F-65AD-4855-953A-DA5BBFC1B2E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E738F08-C30D-46E4-A92C-D406D72E1292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28629BA3-B1ED-409B-9FB1-E2159D95D975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49436378-0578-48F6-AE54-7C8D88574864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B11AE299-AE40-42EB-9C0B-3865C932E766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA792E5D-7270-4C23-A8D6-22EB00CB21A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB38685-4255-4565-98AA-234B9DEEADE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF689E1-22FF-467F-B5A7-59833D77971E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F461B5-E600-4C81-BA3C-1DBC90D4D438",
              "versionEndExcluding": "6.4.0.13",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A74256-AF9A-473B-9DC7-A57618BA9F00",
              "versionEndExcluding": "6.6.5",
              "versionStartIncluding": "6.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DEDDAB-B8C5-4753-A208-94638E694FC1",
              "versionEndExcluding": "6.7.0.3",
              "versionStartIncluding": "6.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2F537A-A488-45B6-AD4B-48B7064AE84C",
              "versionEndExcluding": "7.0.1",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E2B495-A0B6-4049-8C90-96CF62BC1BFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20741BF4-6F44-42DE-B05E-EDB4176CAD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E4A3574-53DC-4328-A229-87795AE4F7AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B273B25-634A-48FF-B290-4A332F84E0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBC6544-6ADF-4F95-A969-A8D953D11B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FBD21A-0D57-466F-B6F6-1D124A6D75D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DF03B7-9C70-4BEE-8AE4-6AA134322C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4F47E43-116B-4176-9E79-0BA7CBA16869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B02800C-6420-4758-89CF-66F47B4FCA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F41081E-06CF-4BA2-9072-E18D9032BEBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "52ED507A-5075-4444-A2D1-F5657453AD3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sourcefire_defense_center:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E9A6F5-8BC2-4FA5-9920-E980EFC5BCEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "Varias vulnerabilidades en la CLI del software Cisco Firepower Threat Defense (FTD) podr\u00edan permitir a un atacante local autenticado ejecutar comandos arbitrarios con privilegios de root. Para conseguir m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
    }
  ],
  "id": "CVE-2021-34756",
  "lastModified": "2024-11-21T06:11:07.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T19:15:07.940",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-829

Vulnerability from certfr_avis - Published: 2021-10-28 - Updated: 2021-10-28

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco FTD versions 6.5.x à 6.6.x antérieures à 6.6.5.1 (sortie prévue en novembre 2021)
Cisco	N/A	Cisco ASA versions 9.15.x antérieures à 9.15.1.17
Cisco	N/A	Cisco FMC versions 6.5.x à 6.6.x antérieures à 6.6.5.1
Cisco	N/A	Cisco FTD versions 7.0.x antérieures à 7.0.1
Cisco	N/A	Cisco FTD versions 6.7.x antérieures à 6.7.0.3 (sortie prévue en janvier 2022)
Cisco	N/A	Cisco ASA versions 9.16.x antérieures à 9.16.2.3
Cisco	N/A	Cisco ASA versions 9.7.x à 9.8.x antérieures à 9.8.4.40
Cisco	N/A	Cisco ASA versions 9.9.x à 9.12.x antérieures à 9.12.4.29
Cisco	N/A	Snort versions 3.x antérieures à 3.1.0.100
Cisco	N/A	Cisco FMC versions 7.0.x antérieures à 7.0.1
Cisco	N/A	Cisco FMC versions antérieures à 6.4.0.13 (sortie prévue en novembre 2021)
Cisco	N/A	Cisco FMC versions 6.7.x antérieures à 6.7.0.3 (sortie prévue en janvier 2022)
Cisco	N/A	Cisco ASA versions 9.13.x à 9.14.x antérieures à 9.14.3.9
Cisco	N/A	Cisco FTD versions antérieures à 6.4.0.13 (sortie prévue en novembre 2021)

References

Title

Publication Time

GSD-2021-34756

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-34756

Aliases

CVE-2021-34756

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-34756",
    "description": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.",
    "id": "GSD-2021-34756"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-34756"
      ],
      "details": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.",
      "id": "GSD-2021-34756",
      "modified": "2023-12-13T01:23:14.312869Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2021-10-27T16:00:00",
        "ID": "CVE-2021-34756",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Firepower Threat Defense Software Command Injection Vulnerabilities"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Firepower Threat Defense Software ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "7.8",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-ftd-cmdinject-FmzsLN8",
        "defect": [
          [
            "CSCvx86283",
            "CSCvy16559",
            "CSCvy16573",
            "CSCvy19225"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.7.0.3",
                "versionStartIncluding": "6.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.0.13",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.4.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.4.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:6.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sourcefire_defense_center:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.6.5",
                "versionStartIncluding": "6.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2021-34756"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20211027 Cisco Firepower Threat Defense Software Command Injection Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-24T14:06Z",
      "publishedDate": "2021-10-27T19:15Z"
    }
  }
}

GHSA-4M78-5JCJ-9HXX

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-10-24 19:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-34756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-27T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-4m78-5jcj-9hxx",
  "modified": "2022-10-24T19:00:24Z",
  "published": "2022-05-24T19:18:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34756"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-34756

Vulnerability from fstec - Published: 27.10.2021

Title

Уязвимость интерфейса командной строки (CLI) микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD), позволяющая нарушителю выполнить произвольные команды

Description

Уязвимость интерфейса командной строки (CLI) микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD) связана с недостаточной проверкой аргументов команд. Эксплуатация уязвимости может позволить нарушителю выполнить произвольные команды

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

Firepower Threat Defense

Software Version

до 6.4.0.13 (Firepower Threat Defense), от 6.7.0 до 6.7.0.3 (Firepower Threat Defense), от 7.0.0 до 7.0.1 (Firepower Threat Defense), от 6.5.0 до 6.6.5 (Firepower Threat Defense)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8 https://nvd.nist.gov/vuln/detail/CVE-2021-34756

CWE

CWE-20, CWE-77

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.4.0.13 (Firepower Threat Defense), \u043e\u0442 6.7.0 \u0434\u043e 6.7.0.3 (Firepower Threat Defense), \u043e\u0442 7.0.0 \u0434\u043e 7.0.1 (Firepower Threat Defense), \u043e\u0442 6.5.0 \u0434\u043e 6.6.5 (Firepower Threat Defense)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.10.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.11.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-05616",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-34756",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Firepower Threat Defense",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 Cisco Firepower Threat Defense (FTD), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443) (CWE-77)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 Cisco Firepower Threat Defense (FTD) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043a\u043e\u043c\u0430\u043d\u0434. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-34756",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-77",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-34756 (GCVE-0-2021-34756)

FKIE_CVE-2021-34756

CERTFR-2021-AVI-829

Solution

GSD-2021-34756

GHSA-4M78-5JCJ-9HXX

CVE-2021-34756

Tags

Sightings

Nomenclature