First published: Wed Oct 27 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Firepower Management Center Virtual Appliance | =6.1.0 | |
Cisco Firepower Management Center Virtual Appliance | =6.2.0 | |
Cisco Firepower Management Center Virtual Appliance | =6.2.3 | |
Cisco Firepower Management Center Virtual Appliance | =6.3.0 | |
Cisco Firepower Management Center Virtual Appliance | =6.4.0 | |
Cisco Firepower Management Center Virtual Appliance | =6.5.0 | |
Cisco Firepower Management Center Virtual Appliance | =6.6.0 | |
Cisco Firepower Management Center Virtual Appliance | =6.6.1 | |
Cisco Firepower Management Center Virtual Appliance | =6.7.0 | |
Cisco Firepower Management Center Virtual Appliance | =7.0.0 | |
Cisco Firepower Management Center Virtual Appliance | =7.1.0 | |
Cisco Firepower Threat Defense | <6.4.0.13 | |
Cisco Firepower Threat Defense | >=6.5.0<6.6.5 | |
Cisco Firepower Threat Defense | >=6.7.0<6.7.0.3 | |
Cisco Sourcefire Defense Center | =6.1.0 | |
Cisco Sourcefire Defense Center | =6.2.0 | |
Cisco Sourcefire Defense Center | =6.2.3 | |
Cisco Sourcefire Defense Center | =6.3.0 | |
Cisco Sourcefire Defense Center | =6.4.0 | |
Cisco Sourcefire Defense Center | =6.5.0 | |
Cisco Sourcefire Defense Center | =6.6.0 | |
Cisco Sourcefire Defense Center | =6.6.1 | |
Cisco Sourcefire Defense Center | =6.7.0 | |
Cisco Sourcefire Defense Center | =7.0.0 | |
Cisco Sourcefire Defense Center | =7.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-34764 refers to multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software.
The severity of CVE-2021-34764 is medium (CVSS score: 6.1).
An attacker can exploit CVE-2021-34764 by executing a cross-site scripting (XSS) attack or an open redirect attack.
Versions 6.1.0 to 7.1.0 of Cisco Firepower Management Center Virtual Appliance are affected by CVE-2021-34764.
You can find more information about CVE-2021-34764 in the Cisco Security Advisory at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-openredir-TVPMWJyg