CVE-2021-34755 – Cisco Firepower Threat Defense Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34755
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la CLI del software Cisco Firepower Threat Defense (FTD) podrían permitir a un atacante local autenticado ejecutar comandos arbitrarios con privilegios de root. Para conseguir más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-34754 – Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34754
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet. Múltiples vulnerabilidades en la inspección de la carga útil del tráfico del Protocolo Industrial Ethernet (ENIP) para el software Cisco Firepower Threat Defense (FTD) podrían permitir a un atacante remoto no autenticado omitir las reglas configuradas para el tráfico ENIP. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP • CWE-284: Improper Access Control •
CVE-2021-34749 – Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
https://notcve.org/view.php?id=CVE-2021-34749
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks. Una vulnerabilidad en el filtrado de peticiones Server Name Identification (SNI) de Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD) y Snort detection engine podría permitir a un atacante no autenticado remoto omitir la tecnología de filtrado en un dispositivo afectado y exfiltrar datos de un host comprometido. • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN https://www.debian.org/security/2023/dsa-5354 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-1477 – Cisco Firepower Management Center Software Policy Vulnerability
https://notcve.org/view.php?id=CVE-2021-1477
A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device. Una vulnerabilidad en un mecanismo de control de acceso del software Cisco Firepower Management Center (FMC), podría permitir a un atacante remoto autenticado acceder a servicios más allá del alcance de su autorización. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-iac-pZDMQ4wC • CWE-284: Improper Access Control •
CVE-2021-1458 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1458
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web del software Cisco Firepower Management Center (FMC), podrían permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •