Cisco Firepower Management Center vulnerabilities
135 known vulnerabilities affecting cisco/cisco_firepower_management_center.
Total CVEs: 135
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 31, MEDIUM 99
Vulnerabilities
Page 5 of 7
CVE-2021-1267 | MEDIUM | CVSS 4.3 | CWE-776 | vn/a | 2021-01-13
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on
Sources: cvelistv5, nvd
CVE-2021-1238 | MEDIUM | CVSS 4.8 | CWE-79 | vn/a | 2021-01-13
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validat
Sources: cvelistv5, nvd
CVE-2021-1239 | MEDIUM | CVSS 4.8 | CWE-79 | vn/a | 2021-01-13
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validat
Sources: cvelistv5, nvd
CVE-2021-1126 | MEDIUM | CVSS 5.5 | CWE-256 | vn/a | 2021-01-13
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessi
Sources: cvelistv5, nvd
CVE-2020-3549 | HIGH | CVSS 8.1 | CWE-326 | vn/a | 2020-10-21
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacke
Sources: cvelistv5, nvd
CVE-2020-3410 | HIGH | CVSS 8.1 | CWE-287 | vn/a | 2020-10-21
A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during
Sources: cvelistv5, nvd
CVE-2020-3550 | HIGH | CVSS 8.1 | CWE-22 | vn/a | 2020-10-21
A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this
Sources: cvelistv5, nvd
CVE-2020-3499 | HIGH | CVSS 8.6 | CWE-399 | vn/a | 2020-10-21
A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious request
Sources: cvelistv5, nvd
CVE-2020-3558 | MEDIUM | CVSS 6.1 | CWE-601 | vn/a | 2020-10-21
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an
Sources: cvelistv5, nvd
CVE-2020-3553 | MEDIUM | CVSS 6.1 | CWE-79 | vn/a | 2020-10-21
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
Sources: cvelistv5, nvd
CVE-2020-3557 | MEDIUM | CVSS 5.3 | CWE-295 | vn/a | 2020-10-21
A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream t
Sources: cvelistv5, nvd
CVE-2020-3515 | MEDIUM | CVSS 6.1 | CWE-79 | vn/a | 2020-10-21
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
Sources: cvelistv5, nvd
CVE-2020-3320 | MEDIUM | CVSS 5.4 | CWE-79 | vn/a | 2020-10-08
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based ma
Sources: cvelistv5, nvd
CVE-2019-16028 | CRITICAL | CVSS 9.8 | CWE-287 | vn/a | 2020-09-23
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) a
Sources: cvelistv5, nvd
CVE-2020-3318 | CRITICAL | CVSS 9.8 | CWE-798 | vn/a | 2020-05-06
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory.
Sources: cvelistv5, nvd
CVE-2020-3302 | HIGH | CVSS 8.1 | CWE-20 | vn/a | 2020-05-06
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device
Sources: cvelistv5, nvd
CVE-2020-3313 | MEDIUM | CVSS 6.1 | CWE-79 | vn/a | 2020-05-06
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management
Sources: cvelistv5, nvd
CVE-2020-3311 | MEDIUM | CVSS 6.1 | CWE-601 | vn/a | 2020-05-06
A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request
Sources: cvelistv5, nvd
CVE-2020-3301 | MEDIUM | CVSS 4.4 | CWE-798 | vn/a | 2020-05-06
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory.
Sources: cvelistv5, nvd
CVE-2020-3307 | MEDIUM | CVSS 5.3 | CWE-20 | vn/a | 2020-05-06
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected devic
Sources: cvelistv5, nvd