What is the vulnerability ID?

The vulnerability ID is CVE-2021-34755.

What is the severity of CVE-2021-34755?

The severity of CVE-2021-34755 is rated as high with a CVSS score of 7.8.

What software is affected by CVE-2021-34755?

Multiple versions of Cisco Firepower Threat Defense (FTD) Software and Cisco Sourcefire Defense Center are affected by CVE-2021-34755.

How can an attacker exploit CVE-2021-34755?

An authenticated, local attacker can exploit CVE-2021-34755 by executing arbitrary commands with root privileges.

Where can I find more information about CVE-2021-34755?

You can find more information about CVE-2021-34755 in the Cisco Security Advisory at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8

Vulnerability/
CVE-2021-34755

high

7.8

CWE

78 20

27/10/2021

7/11/2024

CVE-2021-34755: Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

First published: Wed Oct 27 2021(Updated: )

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Management Center Virtual Appliance	=6.1.0
Cisco Firepower Management Center Virtual Appliance	=6.2.0
Cisco Firepower Management Center Virtual Appliance	=6.2.3
Cisco Firepower Management Center Virtual Appliance	=6.3.0
Cisco Firepower Management Center Virtual Appliance	=6.4.0
Cisco Firepower Management Center Virtual Appliance	=6.4.0.11
Cisco Firepower Management Center Virtual Appliance	=6.5.0
Cisco Firepower Management Center Virtual Appliance	=6.6.0
Cisco Firepower Management Center Virtual Appliance	=6.6.1
Cisco Firepower Management Center Virtual Appliance	=6.7.0
Cisco Firepower Management Center Virtual Appliance	=7.0.0
Cisco Firepower Management Center Virtual Appliance	=7.1.0
Cisco Firepower Threat Defense	>=6.4.0<6.4.0.13
Cisco Firepower Threat Defense	>=6.6.0<6.6.5
Cisco Firepower Threat Defense	>=6.7.0<6.7.0.3
Cisco Firepower Threat Defense	>=7.0.0<7.0.1
Cisco Sourcefire Defense Center	=6.1.0
Cisco Sourcefire Defense Center	=6.2.0
Cisco Sourcefire Defense Center	=6.2.3
Cisco Sourcefire Defense Center	=6.3.0
Cisco Sourcefire Defense Center	=6.4.0
Cisco Sourcefire Defense Center	=6.4.0.11
Cisco Sourcefire Defense Center	=6.5.0
Cisco Sourcefire Defense Center	=6.6.0
Cisco Sourcefire Defense Center	=6.6.1
Cisco Sourcefire Defense Center	=6.7.0
Cisco Sourcefire Defense Center	=7.0.0
Cisco Sourcefire Defense Center	=7.1.0

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-34755.
What is the severity of CVE-2021-34755?
The severity of CVE-2021-34755 is rated as high with a CVSS score of 7.8.
What software is affected by CVE-2021-34755?
Multiple versions of Cisco Firepower Threat Defense (FTD) Software and Cisco Sourcefire Defense Center are affected by CVE-2021-34755.
How can an attacker exploit CVE-2021-34755?
An authenticated, local attacker can exploit CVE-2021-34755 by executing arbitrary commands with root privileges.
Where can I find more information about CVE-2021-34755?
You can find more information about CVE-2021-34755 in the Cisco Security Advisory at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/title
agent/last-modified-date
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/cisco
canonical/cisco firepower management center virtual appliance
version/cisco firepower management center virtual appliance/6.1.0
version/cisco firepower management center virtual appliance/6.2.0
version/cisco firepower management center virtual appliance/6.2.3
version/cisco firepower management center virtual appliance/6.3.0
version/cisco firepower management center virtual appliance/6.4.0
version/cisco firepower management center virtual appliance/6.4.0.11
version/cisco firepower management center virtual appliance/6.5.0
version/cisco firepower management center virtual appliance/6.6.0
version/cisco firepower management center virtual appliance/6.6.1
version/cisco firepower management center virtual appliance/6.7.0
version/cisco firepower management center virtual appliance/7.0.0
version/cisco firepower management center virtual appliance/7.1.0
canonical/cisco firepower threat defense
version/cisco firepower threat defense/6.4.0
version/cisco firepower threat defense/6.6.0
version/cisco firepower threat defense/6.7.0
version/cisco firepower threat defense/7.0.0
canonical/cisco sourcefire defense center
version/cisco sourcefire defense center/6.1.0
version/cisco sourcefire defense center/6.2.0
version/cisco sourcefire defense center/6.2.3
version/cisco sourcefire defense center/6.3.0
version/cisco sourcefire defense center/6.4.0
version/cisco sourcefire defense center/6.4.0.11
version/cisco sourcefire defense center/6.5.0
version/cisco sourcefire defense center/6.6.0
version/cisco sourcefire defense center/6.6.1
version/cisco sourcefire defense center/6.7.0
version/cisco sourcefire defense center/7.0.0
version/cisco sourcefire defense center/7.1.0