A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This vulnerability exists because of improper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see .
CVE-2021-34751
MEDIUMNVD 4.34.3—
EchelonGraph scoreMEDIUM confidence
Score 4.3 from GitHub Security Advisory published 2024-11-15. NVD baseline CVSS 4.3; sources differ by 0.0.
Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
4.3
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
- Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 4.3Exploit: NoneExposed: 0
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 4.3
- EG Score
- 4.3(medium)
- EPSS
- 18.8%
- KEV
- Not listed
Published
November 15, 2024
Last Modified
August 7, 2025
References (1)
Frequently asked(5)
What is CVE-2021-34751?
CVE-2021-34751 is a medium vulnerability published on November 15, 2024. A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This…
When was CVE-2021-34751 disclosed?
CVE-2021-34751 was first published in the National Vulnerability Database on November 15, 2024, with the most recent update on August 7, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2021-34751 actively exploited?
CVE-2021-34751 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 18.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2021-34751?
CVE-2021-34751 has a CVSS v3 base score of 4.3 (NVD).
How do I remediate CVE-2021-34751?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2021-34751, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2021-34751
Is Your Infrastructure Affected by CVE-2021-34751?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.