Cisco Firepower Management Center vulnerabilities

CVE-2019-1949 [MEDIUM] CWE-79 CVE-2019-1949: A vulnerability in the web-based management interface of Cisco Firepower Management Center could all A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based ma

CVE-2019-1931 [MEDIUM] CWE-79 CVE-2019-1931: Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepow Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation o

CVE-2019-1930 [MEDIUM] CWE-79 CVE-2019-1930: Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepow Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation o

CVE-2019-1802 [MEDIUM] CWE-79 CVE-2019-1802: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) cou A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input in the web-ba

CVE-2019-1671 [MEDIUM] CWE-79 CVE-2019-1671: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) cou A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-

CVE-2019-1642 [MEDIUM] CWE-79 CVE-2019-1642: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) sof A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input

CVE-2018-15458 [HIGH] CWE-399 CVE-2018-15458: A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filte

CVE-2018-15443 [HIGH] CWE-400 CVE-2018-15443: A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenti A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a

CVE-2017-12221 [MEDIUM] CWE-79 CVE-2017-12221: A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site script A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied inpu

CVE-2017-12220 [MEDIUM] CWE-79 CVE-2017-12220: A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to ins

CVE-2017-6715 [MEDIUM] CVE-2017-6715: A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site script A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy889

CVE-2017-6717 [MEDIUM] CVE-2017-6717: A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site script A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.

CVE-2017-6716 [MEDIUM] CVE-2017-6716: A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases pr

CVE-2017-6673 [MEDIUM] CVE-2017-6673: A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0.

CVE-2016-6471 [MEDIUM] CVE-2016-6471: A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authentica A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.