CVE-2021-34756: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

CVE-2021-34756 is a command injection vulnerability discovered in the CLI of Cisco Firepower Threat Defense (FTD) Software. The vulnerability was identified in October 2021 and affects devices running in multi-instance mode. This security flaw could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system (Cisco Advisory).

The vulnerability stems from insufficient validation of user-supplied command arguments in the CLI interface. It received a CVSS Base Score of 7.8 (High) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically affects Cisco FTD Software running in multi-instance configuration, which is supported on Firepower 4100 Series Security Appliances and Firepower 9300 Series Security Appliances (Cisco Advisory).

A successful exploitation of this vulnerability allows an attacker to execute commands with root privileges on the underlying operating system of an affected device. This level of access provides complete control over the system, potentially compromising the security of the entire device (Cisco Advisory).

Cisco has released software updates that address this vulnerability. The fixed releases include version 6.4.0.13 (released in November 2021), 6.6.5, 6.7.0.3 (released in January 2022), and 7.0.1. There are no workarounds available for this vulnerability, and customers are advised to upgrade to a supported release that includes the fix (Cisco Advisory).