Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-34762

Опубликовано: 27 окт. 2021
Источник: nvd
CVSS3: 8.1
CVSS2: 5.5
EPSS Низкий

Описание

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия до 6.4.0.13 (исключая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 6.5.0 (включая) до 6.6.5 (исключая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 6.7.0 (включая) до 6.7.0.3 (исключая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.0.1 (исключая)
cpe:2.3:a:cisco:sourcefire_defense_center:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sourcefire_defense_center:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sourcefire_defense_center:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sourcefire_defense_center:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sourcefire_defense_center:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sourcefire_defense_center:6.6.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sourcefire_defense_center:6.6.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sourcefire_defense_center:7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%
0.00195
Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-26
CWE-22

Связанные уязвимости

github логотип

GHSA-8m4x-wmgm-h3w9

github
больше 3 лет назад

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device.

fstec логотип

BDU:2021-05661

CVSS3: 8.1
fstec
больше 4 лет назад

Уязвимость веб-интерфейса управления программного обеспечения администрирования сети Cisco Firepower Management Center (FMC), позволяющая нарушителю читать или перезаписывать произвольные файлы

EPSS

Процентиль: 41%
0.00195
Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-26
CWE-22