A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
Conclusion & alert: CVE-2021-34761 is rated Low Risk (30.8/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.16%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-11-21 | 0.05% | 0.16% | +0.11% |
| 2 | 2025-11-18 | 0.18% | 0.05% | -0.13% |
| 3 | 2025-03-17 | — | 0.18% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.4 | 3.1 | MEDIUM |
|
0.8 | 3.6 | [email protected] |
| 6.0 | 3.1 | MEDIUM |
|
0.8 | 5.2 | [email protected] |
| 6.6 | 2.0 | MEDIUM |
|
3.9 | 9.2 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| cisco | firepower_management_center_virtual_appliance | 6.2.3 | cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.2.3:*:*:*:*:*:*:* |
| cisco | firepower_management_center_virtual_appliance | 6.4.0 | cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.4.0:*:*:*:*:*:*:* |
| cisco | firepower_management_center_virtual_appliance | 6.6.1 | cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.6.1:*:*:*:*:*:*:* |
| cisco | firepower_management_center_virtual_appliance | 6.7.0 | cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:6.7.0:*:*:*:*:*:*:* |
| cisco | firepower_management_center_virtual_appliance | 7.0.0 | cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.0.0:*:*:*:*:*:*:* |
| cisco | firepower_management_center_virtual_appliance | 7.1.0 | cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:7.1.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense | >= 6.4.0, < 6.4.0.13 | cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense | >= 6.6.0, < 6.6.5 | cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense | >= 6.7.0, < 6.7.0.3 | cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense | >= 7.0.0, < 7.0.1 | cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* |
| cisco | sourcefire_defense_center | 6.2.3 | cpe:2.3:a:cisco:sourcefire_defense_center:6.2.3:*:*:*:*:*:*:* |
| cisco | sourcefire_defense_center | 6.4.0 | cpe:2.3:a:cisco:sourcefire_defense_center:6.4.0:*:*:*:*:*:*:* |
| cisco | sourcefire_defense_center | 6.6.1 | cpe:2.3:a:cisco:sourcefire_defense_center:6.6.1:*:*:*:*:*:*:* |
| cisco | sourcefire_defense_center | 6.7.0 | cpe:2.3:a:cisco:sourcefire_defense_center:6.7.0:*:*:*:*:*:*:* |
| cisco | sourcefire_defense_center | 7.0.0 | cpe:2.3:a:cisco:sourcefire_defense_center:7.0.0:*:*:*:*:*:*:* |
| cisco | sourcefire_defense_center | 7.1.0 | cpe:2.3:a:cisco:sourcefire_defense_center:7.1.0:*:*:*:*:*:*:* |