CVE-2021-34761

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.

Severity	MEDIUM
CVSS	4.4
CWE	CWE-73
KEV
Published	4 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Secure Firewall Threat Defense Virtual	cisco-sa-ftd-file-write-SHVcmQVc
Cisco Secure Firewall Threat Defense (FTD) Software	cisco-sa-ftd-file-write-SHVcmQVc
Cisco Secure Firewall 3100 Series	cisco-sa-ftd-file-write-SHVcmQVc
Cisco Firepower Threat Defense Software	cisco-sa-ftd-file-write-SHVcmQVc
Cisco Firepower 9000 Series	cisco-sa-ftd-file-write-SHVcmQVc
Cisco Firepower 4100 Series	cisco-sa-ftd-file-write-SHVcmQVc
Cisco Firepower 2100 Series	cisco-sa-ftd-file-write-SHVcmQVc
Cisco Firepower 1000 Series	cisco-sa-ftd-file-write-SHVcmQVc
Cisco ASA 5500-X Series Firewalls	cisco-sa-ftd-file-write-SHVcmQVc
Cisco 3000 Series Industrial Security Appliances (ISA)	cisco-sa-ftd-file-write-SHVcmQVc