Cisco Firepower Management Center vulnerabilities

CVE-2023-20005 [MEDIUM] CWE-79 CVE-2023-20005: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input b

CVE-2023-20206 [MEDIUM] CWE-79 CVE-2023-20206: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input b

CVE-2023-20041 [MEDIUM] CWE-79 CVE-2023-20041: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input b

CVE-2023-20074 [MEDIUM] CWE-79 CVE-2023-20074: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input b

CVE-2023-20155 [MEDIUM] CWE-770 CVE-2023-20155: A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that t

CVE-2023-20114 [MEDIUM] CWE-73 CVE-2023-20114: A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software cou A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful explo

CVE-2022-20926 [HIGH] CWE-77 CVE-2022-20926: A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Softw A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this

CVE-2022-20918 [HIGH] CWE-284 CVE-2022-20918: A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP

CVE-2022-20854 [HIGH] CWE-400 CVE-2022-20854: A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be establi

CVE-2022-20925 [HIGH] CWE-77 CVE-2022-20925: A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Softw A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this

CVE-2022-20936 [MEDIUM] CWE-79 CVE-2022-20936: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by

CVE-2022-20840 [MEDIUM] CWE-79 CVE-2022-20840: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by

CVE-2022-20832 [MEDIUM] CWE-79 CVE-2022-20832: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by

CVE-2022-20941 [MEDIUM] CWE-334 CVE-2022-20941: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource

CVE-2022-20835 [MEDIUM] CWE-79 CVE-2022-20835: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by

CVE-2022-20938 [MEDIUM] CWE-611 CVE-2022-20938: A vulnerability in the module import function of the administrative interface of Cisco Firepower Man A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by

CVE-2022-20836 [MEDIUM] CWE-79 CVE-2022-20836: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by

CVE-2022-20905 [MEDIUM] CWE-79 CVE-2022-20905: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by

CVE-2022-20843 [MEDIUM] CWE-79 CVE-2022-20843: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by

CVE-2022-20833 [MEDIUM] CWE-79 CVE-2022-20833: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by