CVE-2021-1256 (GCVE-0-2021-1256)

Vulnerability from cvelistv5 – Published: 2021-04-29 17:30 – Updated: 2024-11-08 23:25
VLAI?
Summary
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.
Severity ?
6 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Cisco Cisco Firepower Threat Defense Software Affected: n/a
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:02:56.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210428 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1256",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:45:16.197162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:25:06.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T07:06:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210428 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-file-overwrite-XknRjGdB",
        "defect": [
          [
            "CSCvu29184"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-04-28T16:00:00",
          "ID": "CVE-2021-1256",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower Threat Defense Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.0",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210428 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ftd-file-overwrite-XknRjGdB",
          "defect": [
            [
              "CSCvu29184"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1256",
    "datePublished": "2021-04-29T17:30:18.183521Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-08T23:25:06.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.4.0\", \"matchCriteriaId\": \"3C8BBB3D-8E5E-4285-AA16-DCA436119F4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.6.0\", \"versionEndExcluding\": \"6.6.4\", \"matchCriteriaId\": \"F6642EEB-0BE6-4607-9B1E-96F2F715710F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la CLI del software Cisco Firepower Threat Defense (FTD), podr\\u00eda permitir a un atacante autenticado local sobrescribir archivos en el sistema de archivos de un dispositivo afectado mediante el uso de t\\u00e9cnicas de salto de directorios.\u0026#xa0;Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda causar inestabilidad en el sistema si archivos importantes del sistema son sobrescritos.\u0026#xa0;Esta vulnerabilidad es debido a una comprobaci\\u00f3n insuficiente de entrada del usuario para la ruta del archivo en un comando CLI espec\\u00edfico.\u0026#xa0;Un atacante podr\\u00eda explotar esta vulnerabilidad al iniciar sesi\\u00f3n en un dispositivo de destino y emitir un comando CLI espec\\u00edfico con la entrada del usuario.\u0026#xa0;Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante sobrescribir archivos arbitrarios en el sistema de archivos del dispositivo afectado.\u0026#xa0;El atacante necesitar\\u00eda credenciales de usuario v\\u00e1lidas en el dispositivo\"}]",
      "id": "CVE-2021-1256",
      "lastModified": "2024-11-21T05:43:56.447",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 3.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-04-29T18:15:08.840",
      "references": "[{\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Not Applicable\", \"Third Party Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\", \"Third Party Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}, {\"lang\": \"en\", \"value\": \"CWE-552\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-1256\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2021-04-29T18:15:08.840\",\"lastModified\":\"2024-11-21T05:43:56.447\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la CLI del software Cisco Firepower Threat Defense (FTD), podr\u00eda permitir a un atacante autenticado local sobrescribir archivos en el sistema de archivos de un dispositivo afectado mediante el uso de t\u00e9cnicas de salto de directorios.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda causar inestabilidad en el sistema si archivos importantes del sistema son sobrescritos.\u0026#xa0;Esta vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de entrada del usuario para la ruta del archivo en un comando CLI espec\u00edfico.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad al iniciar sesi\u00f3n en un dispositivo de destino y emitir un comando CLI espec\u00edfico con la entrada del usuario.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante sobrescribir archivos arbitrarios en el sistema de archivos del dispositivo afectado.\u0026#xa0;El atacante necesitar\u00eda credenciales de usuario v\u00e1lidas en el dispositivo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.4.0\",\"matchCriteriaId\":\"3C8BBB3D-8E5E-4285-AA16-DCA436119F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.0\",\"versionEndExcluding\":\"6.6.4\",\"matchCriteriaId\":\"F6642EEB-0BE6-4607-9B1E-96F2F715710F\"}]}]}],\"references\":[{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB\", \"name\": \"20210428 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T16:02:56.405Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1256\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T20:45:16.197162Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T20:58:15.984Z\"}}], \"cna\": {\"title\": \"Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability\", \"source\": {\"defect\": [[\"CSCvu29184\"]], \"advisory\": \"cisco-sa-ftd-file-overwrite-XknRjGdB\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Firepower Threat Defense Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2021-04-28T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB\", \"name\": \"20210428 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2022-04-13T07:06:13\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"6.0\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvu29184\"]], \"advisory\": \"cisco-sa-ftd-file-overwrite-XknRjGdB\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco Firepower Threat Defense Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB\", \"name\": \"20210428 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability\", \"refsource\": \"CISCO\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\", \"name\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-552\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-1256\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2021-04-28T16:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-1256\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T23:25:06.066Z\", \"dateReserved\": \"2020-11-13T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2021-04-29T17:30:18.183521Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.