CVE-2021-34755: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

CVE-2021-34755 is a command injection vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software that affects devices running in multi-instance mode. The vulnerability was discovered by Ilkin Gasimov of Cisco during internal security testing and was publicly disclosed on October 27, 2021. This vulnerability specifically affects Cisco FTD Software platforms including Firepower 4100 Series and 9300 Series Security Appliances running multi-instance configurations (Cisco Advisory).

The vulnerability stems from insufficient validation of user-supplied command arguments in the CLI of Cisco FTD Software. It received a CVSS Base Score of 7.8 with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating high severity. The vulnerability is tracked under bug IDs CSCvx86283 and CSCvy16559 (Cisco Advisory).

A successful exploitation of this vulnerability could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device running in multi-instance mode (Cisco Advisory).

Cisco has released software updates that address this vulnerability. The fixed versions include 6.4.0.13 (released November 2021), 6.6.5, 6.7.0.3 (released January 2022), and 7.0.1. There are no workarounds available for this vulnerability. Users of affected versions are advised to upgrade to a fixed release (Cisco Advisory).