CVE-2021-34764: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2021-34764) was discovered in the web interface of Cisco Firepower Management Center (FMC) Software. The vulnerability was disclosed on October 27, 2021, affecting multiple versions of Cisco FMC Software. This security flaw could allow an unauthenticated, remote attacker to redirect a user to a malicious web page (Cisco Advisory).

The vulnerability stems from improper input validation of HTTP request parameters in the web interface of Cisco FMC Software. It has been assigned a CVSS Base Score of 4.8 MEDIUM with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-601 (URL Redirection to Untrusted Site) (NVD, Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to redirect users to specific malicious web pages. The attack requires user interaction, as the attacker needs to intercept and modify an HTTP request from a user (Cisco Advisory).

Cisco has released software updates that address this vulnerability. The fixed releases include version 6.4.0.13 (Nov 2021), 6.6.5, and 6.7.0.3 (Jan 2022). Version 7.0.0 is not vulnerable. There are no workarounds available for this vulnerability. Users of affected versions are advised to upgrade to a fixed release (Cisco Advisory).