How severe is CVE-2021-34762?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-34762?

This is classified as CWE-26, which is a common weakness in software security.

CVE-2021-34762 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device.

Related Vulnerabilities

CVE-2021-42021

HIGH

CVSS:7.5(High)

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1...

CWE-262021

CVE-2024-31551

HIGH

CVSS:7.5(High)

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.

CWE-262024

CVE-2024-29466

HIGH

CVSS:8.8(High)

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

CWE-262024

CVE-2024-25466

HIGH

CVSS:7.3(High)

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library comp...

CWE-262024

CVE-2024-39673

HIGH

CVSS:7.1(High)

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CWE-262024

CVE-2024-20345

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulner...

CWE-262024