Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firepower_threat_defense
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 205 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-13 | CVE-2021-1224 | Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected... | Firepower_threat_defense, Ios_xe, Meraki_mx100_firmware, Meraki_mx250_firmware, Meraki_mx450_firmware, Meraki_mx64_firmware, Meraki_mx64w_firmware, Meraki_mx67_firmware, Meraki_mx67c_firmware, Meraki_mx67w_firmware, Meraki_mx68_firmware, Meraki_mx68cw_firmware, Meraki_mx68w_firmware, Meraki_mx84_firmware, Secure_firewall_management_center, Snort | 5.3 | ||
| 2021-01-13 | CVE-2021-1236 | Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious... | Firepower_threat_defense, Ios_xe, Secure_firewall_management_center, Snort | 5.3 | ||
| 2021-04-29 | CVE-2021-1256 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a... | Firepower_threat_defense | 6.0 | ||
| 2021-04-29 | CVE-2021-1402 | A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device.... | Firepower_threat_defense | 8.6 | ||
| 2021-04-29 | CVE-2021-1445 | Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the... | Adaptive_security_appliance_software, Firepower_threat_defense | 7.5 | ||
| 2021-04-29 | CVE-2021-1448 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the... | Firepower_threat_defense | 7.8 | ||
| 2021-04-29 | CVE-2021-1476 | A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A... | Adaptive_security_appliance_software, Firepower_threat_defense | 6.7 | ||
| 2021-04-29 | CVE-2021-1488 | A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow... | Adaptive_security_appliance_software, Firepower_threat_defense | 6.7 | ||
| 2021-04-29 | CVE-2021-1495 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. | Firepower_threat_defense, Ios_xe, Snort | 5.3 | ||
| 2021-04-29 | CVE-2021-1493 | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit... | Adaptive_security_appliance_software, Firepower_threat_defense | 7.1 |