Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2021-1256
HistoryApr 29, 2021 - 6:15 p.m.

CVE-2021-1256

2021-04-2918:15:08
CWE-552
CWE-22
cisco
web.nvd.nist.gov
40
4
cisco
ftd software
vulnerability
authenticated
local attacker
overwrite files
file system
nvd
cve-2021-1256

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6

Confidence

High

EPSS

0

Percentile

9.9%

JSON

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.

Affected configurations

Nvd
Node
ciscofirepower_threat_defenseRange6.4.0
OR
ciscofirepower_threat_defenseRange6.6.06.6.4
VendorProductVersionCPE
ciscofirepower_threat_defense*cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Firepower Threat Defense Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

Related

prion 1
nessus 1
cisco 1
nvd 1
cvelist 1
prion
prion
Directory traversal
2021-04-29 18:15:00
nessus
nessus
Cisco Firepower Threat Defense Software Command File Overwrite (cisco-sa-ftd-file-overwrite-XknRjGdB)
2021-05-06 00:00:00
cisco
cisco
Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability
2021-04-28 16:00:00
nvd
nvd
CVE-2021-1256
2021-04-29 18:15:08
cvelist
cvelist
CVE-2021-1256 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability
2021-04-29 17:30:18

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6

Confidence

High

EPSS

0

Percentile

9.9%

JSON
Related for CVE-2021-1256
prion1nessus1cisco1nvd1cvelist1