CVE-2021-34762: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

CVE-2021-34762 is a directory traversal vulnerability discovered in the web-based management interface of Cisco Firepower Management Center (FMC) Software. The vulnerability was first published on October 27, 2021, and affects devices running vulnerable releases of Cisco FMC Software. This high-severity vulnerability was discovered during internal security testing by Brandon Sakai of Cisco (Cisco Advisory).

The vulnerability stems from insufficient input validation of the HTTPS URL by the web-based management interface. It has been assigned a CVSS base score of 8.1 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X. The vulnerability is tracked under CWE-26 and requires valid device credentials for exploitation (Cisco Advisory).

A successful exploitation of this vulnerability could allow an authenticated, remote attacker to read or write arbitrary files on the affected device. The default configuration of the affected systems is vulnerable (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available. Fixed releases include FMC Software versions 6.4.0.13 (Nov 2021), 6.6.5, 6.7.0.3 (Jan 2022), and 7.0.1. Users of earlier versions are advised to migrate to a supported release that includes the fix (Cisco Advisory).