Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Secure_firewall_management_center
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 167 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-21 | CVE-2018-0365 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful... | Amp_7150_firmware, Amp_8150_firmware, Firepower_appliance_7010_firmware, Firepower_appliance_7020_firmware, Firepower_appliance_7030_firmware, Firepower_appliance_7050_firmware, Firepower_appliance_7110_firmware, Firepower_appliance_7115_firmware, Firepower_appliance_7120_firmware, Firepower_appliance_7125_firmware, Firepower_appliance_8120_firmware, Firepower_appliance_8130_firmware, Firepower_appliance_8140_firmware, Firepower_appliance_8250_firmware, Firepower_appliance_8260_firmware, Firepower_appliance_8270_firmware, Firepower_appliance_8290_firmware, Firepower_appliance_8350_firmware, Firepower_appliance_8360_firmware, Firepower_appliance_8370_firmware, Firepower_appliance_8390_firmware, Firepower_management_center_1000_firmware, Firepower_management_center_2000_firmware, Firepower_management_center_2500_firmware, Firepower_management_center_4000_firmware, Firepower_management_center_4500_firmware, Firepower_management_center_virtual_appliance, Firesight_management_center_1500_firmware, Firesight_management_center_3500_firmware, Firesight_management_center_750_firmware, Ngips_virtual_appliance, Secure_firewall_management_center | 8.8 | ||
| 2016-05-28 | CVE-2016-1413 | The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | Secure_firewall_management_center | 6.5 | ||
| 2015-12-15 | CVE-2015-6411 | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | Secure_firewall_management_center | N/A | ||
| 2016-02-26 | CVE-2016-1342 | The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | Secure_firewall_management_center | 5.3 | ||
| 2016-06-18 | CVE-2016-1431 | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | Secure_firewall_management_center | 6.1 | ||
| 2016-08-18 | CVE-2016-1457 | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | Secure_firewall_management_center | 8.8 | ||
| 2016-08-18 | CVE-2016-1458 | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. | Secure_firewall_management_center | 8.8 | ||
| 2016-08-23 | CVE-2016-6365 | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. | Secure_firewall_management_center | 6.1 | ||
| 2016-10-05 | CVE-2016-6419 | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | Secure_firewall_management_center | 7.5 | ||
| 2016-10-06 | CVE-2016-6433 | The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. | Secure_firewall_management_center | 8.8 |