CVE-2021-34761
Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability
| Assigner | cisco |
| Reserved | 2021-06-15 |
| Published | 2021-10-27 |
| Updated | 2024-11-07 |
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-write-SHVcmQVc (20211027 Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability)
Support options
