CVE-2021-34764
27.10.2021, 19:15
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
Vendor | Product | Version |
---|---|---|
cisco | firepower_management_center_virtual_appliance | 6.1.0 |
cisco | firepower_management_center_virtual_appliance | 6.2.0 |
cisco | firepower_management_center_virtual_appliance | 6.2.3 |
cisco | firepower_management_center_virtual_appliance | 6.3.0 |
cisco | firepower_management_center_virtual_appliance | 6.4.0 |
cisco | firepower_management_center_virtual_appliance | 6.5.0 |
cisco | firepower_management_center_virtual_appliance | 6.6.0 |
cisco | firepower_management_center_virtual_appliance | 6.6.1 |
cisco | firepower_management_center_virtual_appliance | 6.7.0 |
cisco | firepower_management_center_virtual_appliance | 7.0.0 |
cisco | firepower_management_center_virtual_appliance | 7.1.0 |
cisco | firepower_threat_defense | 𝑥 < 6.4.0.13 |
cisco | firepower_threat_defense | 6.5.0 ≤ 𝑥 < 6.6.5 |
cisco | firepower_threat_defense | 6.7.0 ≤ 𝑥 < 6.7.0.3 |
cisco | sourcefire_defense_center | 6.1.0 |
cisco | sourcefire_defense_center | 6.2.0 |
cisco | sourcefire_defense_center | 6.2.3 |
cisco | sourcefire_defense_center | 6.3.0 |
cisco | sourcefire_defense_center | 6.4.0 |
cisco | sourcefire_defense_center | 6.5.0 |
cisco | sourcefire_defense_center | 6.6.0 |
cisco | sourcefire_defense_center | 6.6.1 |
cisco | sourcefire_defense_center | 6.7.0 |
cisco | sourcefire_defense_center | 7.0.0 |
cisco | sourcefire_defense_center | 7.1.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect'): A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.