Cisco Firepower Threat Defense vulnerabilities
237 known vulnerabilities affecting cisco/firepower_threat_defense.
Total CVEs: 237
CISA KEV: 11 (actively exploited)
Public exploits: 9
Exploited in wild: 10
Severity breakdown: CRITICAL 6, HIGH 126, MEDIUM 92, LOW 1, UNKNOWN 12
Vulnerabilities
Page 10 of 12
CVE-2019-12694 | MEDIUM | CVSS 6.7 | CWE-20 | fixed in 6.3.0.5; ≥ 6.4.0, < 6.4.0.4 | 2019-10-02
A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerab
nvd, cisco
CVE-2019-12695 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 6.2.3.15; ≥ 6.3.0, < 6.3.0.5; +1 more | 2019-10-02
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to in
nvd
CVE-2019-12700 | MEDIUM | CVSS 6.5 | CWE-400 | ≤ 6.1.0; ≥ 6.2.0, < 6.2.3.14; +2 more | 2019-10-02
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource ma
nvd
CVE-2019-12627 | HIGH | CVSS 7.5 | CWE-284 | fixed in 6.4.0.4 | 2019-08-21
A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to a
nvd, cisco
CVE-2019-1970 | HIGH | CVSS 7.5 | CWE-693 | fixed in 6.4.1 | 2019-08-08
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker
nvd, cisco
CVE-2019-1687 | HIGH | CVSS 7.5 | CWE-20 | ≥ 6.0.0, < 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspect
nvd
CVE-2019-1704 | HIGH | CVSS 7.5 | CWE-400 | ≥ 6.0.0, < 6.2.3.12 | 2019-05-03
Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
nvd, cisco
CVE-2018-15462 | HIGH | CVSS 7.5 | CWE-399 | fixed in 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress T
nvd, cisco
CVE-2019-1709 | HIGH | CVSS 7.8 | CWE-78 | v6.0.0; v6.0.1; +5 more | 2019-05-03
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allo
nvd, cisco
CVE-2018-15388 | HIGH | CVSS 8.6 | CWE-400 | fixed in 6.2.3.12 | 2019-05-03
A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacke
nvd
CVE-2019-1694 | HIGH | CVSS 8.6 | CWE-20 | fixed in 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An att
nvd
CVE-2019-1708 | HIGH | CVSS 8.6 | CWE-404 | ≥ 6.2.2, ≤ 6.2.3.12; ≥ 6.3.0, ≤ 6.3.0.3 | 2019-05-03
A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (Do
nvd
CVE-2019-1697 | HIGH | CVSS 7.5 | CWE-20 | fixed in 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are d
nvd
CVE-2019-1714 | HIGH | CVSS 8.6 | CWE-255 | ≥ 6.2.1, < 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN
nvd
CVE-2019-1696 | HIGH | CVSS 7.4 | CWE-400 | ≥ 6.0.0, < 6.2.3.12 | 2019-05-03
Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
nvd, cisco
CVE-2019-1703 | HIGH | CVSS 8.6 | CWE-400 | ≥ 6.2.1, < 6.2.3.12 | 2019-05-03
A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error, which may
nvd, cisco
CVE-2019-1715 | HIGH | CVSS 7.5 | CWE-332 | ≥ 6.2.1, < 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private k
nvd
CVE-2019-1695 | MEDIUM | CVSS 6.5 | CWE-284 | ≥ 6.2.1, < 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected d
nvd
CVE-2019-1693 | MEDIUM | CVSS 6.5 | CWE-399 | ≥ 6.2.1, < 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An a
nvd
CVE-2019-1701 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 6.2.1, < 6.2.3.12; ≥ 6.3.0, < 6.3.0.3 | 2019-05-03
Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insuff
nvd