{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-34752","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2021-06-15T13:43:49.942Z","datePublished":"2024-11-15T16:14:36.385Z","dateUpdated":"2024-11-15T18:09:38.213Z"},"containers":{"cna":{"title":"Cisco Firepower Threat Defense Command Injection Vulnerabilities","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. \r\n\r\nThis vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8","name":"cisco-sa-ftd-cmdinject-FmzsLN8"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-ftd-cmdinject-FmzsLN8","discovery":"INTERNAL","defects":["CSCvy16573"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Input Validation","type":"cwe","cweId":"CWE-20"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Firepower Threat Defense Software","versions":[{"version":"6.2.3","status":"affected"},{"version":"6.6.0.1","status":"affected"},{"version":"6.4.0.6","status":"affected"}]}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-11-15T16:14:36.385Z"}},"adp":[{"affected":[{"vendor":"cisco","product":"firepower_threat_defense_software","cpes":["cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"6.4.0.13","versionType":"custom"},{"version":"6.5.0","status":"affected","lessThan":"6.6.5","versionType":"custom"},{"version":"6.7.0","status":"affected","lessThan":"6.7.0.3","versionType":"custom"},{"version":"7.0.0","status":"affected","lessThan":"7.0.1","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-15T18:07:00.904017Z","id":"CVE-2021-34752","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-15T18:09:38.213Z"}}]}}