Cisco Firepower Management Center vulnerabilities
128 known vulnerabilities affecting cisco/cisco_firepower_management_center.
Total CVEs: 128
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 31, MEDIUM 92
Vulnerabilities
Page 1 of 7
CVE-2025-20265 | CRITICAL | CVSS 10.0 | v7.0.7, v7.7.0 | 2025-08-14
CVE-2025-20265 [CRITICAL] CWE-74
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could
Sources: cvelistv5, nvd
CVE-2025-20148 | HIGH | CVSS 8.5 | v7.2.4, v7.0.6 +17 more | 2025-08-14
CVE-2025-20148 [HIGH] CWE-20
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.
This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitti
Sources: cvelistv5, nvd
CVE-2025-20235 | MEDIUM | CVSS 6.1 | v6.2.3.12, v6.2.3.1 +92 more | 2025-08-14
CVE-2025-20235 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interfa
Sources: cvelistv5, nvd
CVE-2025-20301 | MEDIUM | CVSS 6.5 | v6.2.3.12, v6.2.3.1 +91 more | 2025-08-14
CVE-2025-20301 [MEDIUM] CWE-862
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain.
This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a troubleshoot file for a
Sources: cvelistv5, nvd
CVE-2025-20306 | MEDIUM | CVSS 4.9 | v6.2.3.12, v6.2.3.1 +93 more | 2025-08-14
CVE-2025-20306 [MEDIUM] CWE-77
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient input validation of certain HTTP request paramete
Sources: cvelistv5, nvd
CVE-2025-20302 | MEDIUM | CVSS 4.3 | v6.2.3.12, v6.2.3.1 +90 more | 2025-08-14
CVE-2025-20302 [MEDIUM] CWE-862
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain.
This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a generated report file
Sources: cvelistv5, nvd
CVE-2025-20220 | MEDIUM | CVSS 6.0 | v7.2.6, v7.2.7 +8 more | 2025-08-14
CVE-2025-20220 [MEDIUM] CWE-78
A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to improper input validation for specific CLI commands. An attacke
Sources: cvelistv5, nvd
CVE-2025-20218 | MEDIUM | CVSS 4.9 | v6.2.3.12, v6.2.3.1 +85 more | 2025-08-14
CVE-2025-20218 [MEDIUM] CWE-643
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request
Sources: cvelistv5, nvd
CVE-2021-34751 | MEDIUM | CVSS 4.3 | vN/A | 2024-11-15
CVE-2021-34751 [MEDIUM] CWE-317
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device.
This vulnerability exists because of improper encryption
Sources: cvelistv5, nvd
CVE-2021-34750 | MEDIUM | CVSS 4.3 | vN/A | 2024-11-15
CVE-2021-34750 [MEDIUM] CWE-317
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device.
This vulnerability is due to lack of proper encryption of sens
Sources: cvelistv5, nvd
CVE-2024-20424 | CRITICAL | CVSS 9.9 | v6.2.3, v6.2.3.1 +90 more | 2024-10-23
CVE-2024-20424 [CRITICAL] CWE-78
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient input validation of certain
Sources: cvelistv5, nvd
CVE-2024-20374 | HIGH | CVSS 7.2 | v6.7.0, v6.7.0.1 +40 more | 2024-10-23
CVE-2024-20374 [MEDIUM] CWE-269
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient i
Sources: cvelistv5, nvd
CVE-2024-20386 | MEDIUM | CVSS 6.1 | v6.2.3, v6.2.3.1 +89 more | 2024-10-23
CVE-2024-20386 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-ba
Sources: cvelistv5, nvd
CVE-2024-20273 | MEDIUM | CVSS 6.1 | v6.2.3.12, v6.2.3.1 +81 more | 2024-10-23
CVE-2024-20273 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based man
Sources: cvelistv5, nvd
CVE-2024-20372 | MEDIUM | CVSS 6.1 | v6.2.3, v6.2.3.1 +89 more | 2024-10-23
CVE-2024-20372 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-ba
Sources: cvelistv5, nvd
CVE-2024-20473 | MEDIUM | CVSS 6.5 | v7.3.0, v7.3.1 +5 more | 2024-10-23
CVE-2024-20473 [MEDIUM] CWE-89
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit t
Sources: cvelistv5, nvd
CVE-2024-20388 | MEDIUM | CVSS 5.3 | v6.2.3, v6.2.3.1 +89 more | 2024-10-23
CVE-2024-20388 [MEDIUM] CWE-202
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.
This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password r
Sources: cvelistv5, nvd
CVE-2024-20387 | MEDIUM | CVSS 5.4 | v6.2.3.17, v6.2.3.18 +36 more | 2024-10-23
CVE-2024-20387 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a
Sources: cvelistv5, nvd
CVE-2024-20298 | MEDIUM | CVSS 5.4 | v7.3.0, v7.3.1 +5 more | 2024-10-23
CVE-2024-20298 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based manag
Sources: cvelistv5, nvd
CVE-2024-20264 | MEDIUM | CVSS 5.4 | v7.1.0, v7.1.0.1 +13 more | 2024-10-23
CVE-2024-20264 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based manag
Sources: cvelistv5, nvd