Cisco FTD Software Vulnerability Could Allow Arbitrary Commands with Root Privileges
CVE-2021-34752

6.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Firepower Threat Defense Software
Vendor: CVE Published:; 15 November 2024

Summary

A vulnerability exists in the Command Line Interface (CLI) of Cisco FTD Software that enables an authenticated local user with administrative rights to execute arbitrary commands with elevated privileges on the device's underlying operating system. This issue arises from inadequate validation of the parameters provided in user commands. If an attacker successfully exploits this vulnerability by submitting specifically crafted input, they can execute commands with root-level access, thereby compromising the system's integrity. Cisco has issued software updates to remedy this vulnerability, and no workarounds are available.

Affected Version(s)

Cisco Firepower Threat Defense Software 6.2.3

Cisco Firepower Threat Defense Software 6.6.0.1

Cisco Firepower Threat Defense Software 6.4.0.6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Jun 15, 2021