CVE-2022-20935 — Cross-site Scripting in Cisco Firepower Management Center

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 63.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Management Center Cisco Secure Firewall Management Center

Timeline

PublishedNov 15

Latest updateNov 16

Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affe…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_management_center5 versions+4

▶NVDcisco/secure_firewall_management_center92 versions+91

🔴Vulnerability Details

GHSA

GHSA-crgc-54cc-qp4g: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remot↗2022-11-16

▶

CVEList

CVE-2022-20935: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remot↗2022-11-10

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities↗2022-11-09

▶