Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firepower_management_center
(Cisco)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 155 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-10-16 | CVE-2019-15280 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are... | Firepower_management_center | N/A | ||
2019-05-03 | CVE-2019-1709 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | Firepower_management_center, Firepower_threat_defense | 7.8 | ||
2019-05-03 | CVE-2019-1699 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | Firepower_management_center | 7.8 | ||
2019-02-07 | CVE-2019-1671 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click... | Firepower_management_center | 6.1 | ||
2019-01-23 | CVE-2019-1642 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the... | Firepower_management_center | 6.1 | ||
2019-01-10 | CVE-2018-15458 | A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this... | Firepower_management_center | 7.5 | ||
2018-07-16 | CVE-2018-0384 | A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected... | Firepower_management_center | 5.8 | ||
2018-07-16 | CVE-2018-0383 | A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly handles FTP control connections. An attacker could exploit this vulnerability by sending a maliciously crafted FTP connection to transfer a file to an affected device. A successful exploit could allow... | Firepower_management_center | 8.6 | ||
2018-07-16 | CVE-2018-0370 | A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of traffic when the Secure Sockets Layer (SSL) inspection policy is enabled. An attacker could exploit this vulnerability by sending malicious traffic through an affected device. An exploit could allow the attacker to... | Firepower_management_center | 7.5 | ||
2018-06-21 | CVE-2018-0365 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful... | Amp_7150_firmware, Amp_8150_firmware, Firepower_appliance_7010_firmware, Firepower_appliance_7020_firmware, Firepower_appliance_7030_firmware, Firepower_appliance_7050_firmware, Firepower_appliance_7110_firmware, Firepower_appliance_7115_firmware, Firepower_appliance_7120_firmware, Firepower_appliance_7125_firmware, Firepower_appliance_8120_firmware, Firepower_appliance_8130_firmware, Firepower_appliance_8140_firmware, Firepower_appliance_8250_firmware, Firepower_appliance_8260_firmware, Firepower_appliance_8270_firmware, Firepower_appliance_8290_firmware, Firepower_appliance_8350_firmware, Firepower_appliance_8360_firmware, Firepower_appliance_8370_firmware, Firepower_appliance_8390_firmware, Firepower_management_center, Firepower_management_center_1000_firmware, Firepower_management_center_2000_firmware, Firepower_management_center_2500_firmware, Firepower_management_center_4000_firmware, Firepower_management_center_4500_firmware, Firepower_management_center_virtual_appliance, Firesight_management_center_1500_firmware, Firesight_management_center_3500_firmware, Firesight_management_center_750_firmware, Ngips_virtual_appliance | 8.8 |