Cisco Secure Firewall Management Center vulnerabilities
178 known vulnerabilities affecting cisco/secure_firewall_management_center.
Total CVEs
178
CISA KEV
1
actively exploited
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH56MEDIUM116
Vulnerabilities
Page 2 of 9
CVE-2024-20386MEDIUMCVSS 6.1v6.2.3v6.2.3.1+75 more2024-10-23
CVE-2024-20386 [MEDIUM] CWE-79 CVE-2024-20386: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-ba
nvd
CVE-2024-20274MEDIUMCVSS 5.5v6.2.3v6.2.3.1+84 more2024-10-23
CVE-2024-20274 [MEDIUM] CWE-20 CVE-2024-20274: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.
This vulnerability is due to improper validation of user-supplied data. An att
nvd
CVE-2024-20387MEDIUMCVSS 5.4v6.2.3.17v6.2.3.18+22 more2024-10-23
CVE-2024-20387 [MEDIUM] CWE-79 CVE-2024-20387: A vulnerability in the web-based management interface of Cisco FMC Software could allow an authentic
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a
nvd
CVE-2024-20482MEDIUMCVSS 6.5v7.2.0v7.2.0.1+17 more2024-10-23
CVE-2024-20482 [MEDIUM] CWE-863 CVE-2024-20482: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configure
nvd
CVE-2024-20415MEDIUMCVSS 6.1v6.2.3v6.2.3.1+75 more2024-10-23
CVE-2024-20415 [MEDIUM] CWE-79 CVE-2024-20415: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based man
nvd
CVE-2024-20472MEDIUMCVSS 6.5v7.3.0v7.3.1+5 more2024-10-23
CVE-2024-20472 [MEDIUM] CWE-89 CVE-2024-20472: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit t
nvd
CVE-2024-20471MEDIUMCVSS 6.5v6.2.3v6.2.3.1+89 more2024-10-23
CVE-2024-20471 [MEDIUM] CWE-89 CVE-2024-20471: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit th
nvd
CVE-2024-20273MEDIUMCVSS 6.1v6.2.3v6.2.3.1+81 more2024-10-23
CVE-2024-20273 [MEDIUM] CWE-79 CVE-2024-20273: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based man
nvd
CVE-2024-20388MEDIUMCVSS 5.3v6.2.3v6.2.3.1+75 more2024-10-23
CVE-2024-20388 [MEDIUM] CWE-202 CVE-2024-20388: A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software c
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.
This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password r
nvd
CVE-2024-20275MEDIUMCVSS 6.1v7.1.0v7.1.0.1+20 more2024-10-23
CVE-2024-20275 [MEDIUM] CWE-78 CVE-2024-20275: A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Softw
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient validation of user data that is supplied thro
nvd
CVE-2024-20403MEDIUMCVSS 5.4v6.2.3v6.2.3.1+75 more2024-10-23
CVE-2024-20403 [MEDIUM] CWE-79 CVE-2024-20403: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based manag
nvd
CVE-2024-20409MEDIUMCVSS 6.1v6.2.3v6.2.3.1+75 more2024-10-23
CVE-2024-20409 [MEDIUM] CWE-79 CVE-2024-20409: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based man
nvd
CVE-2024-20372MEDIUMCVSS 6.1v6.2.3v6.2.3.1+75 more2024-10-23
CVE-2024-20372 [MEDIUM] CWE-79 CVE-2024-20372: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-ba
nvd
CVE-2024-20379MEDIUMCVSS 6.5v7.3.0v7.3.1+2 more2024-10-23
CVE-2024-20379 [MEDIUM] CWE-36 CVE-2024-20379: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.
This vulnerability exists because the web-based management interface does not proper
nvd
CVE-2024-20360HIGHCVSS 8.8v7.0.0v7.0.0.1+25 more2024-05-22
CVE-2024-20360 [HIGH] CWE-89 CVE-2024-20360: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulne
nvd
CVE-2024-20361MEDIUMCVSS 5.8v7.1.0v7.1.0.1+10 more2024-05-22
CVE-2024-20361 [MEDIUM] CWE-264 CVE-2024-20361: A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Mana
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment
nvd
CVE-2023-20048CRITICALCVSS 9.9PoC≥ 6.2.3, ≤ 6.2.3.18≥ 6.4.0, ≤ 6.4.0.16+6 more2023-11-01
CVE-2023-20048 [CRITICAL] CWE-269 CVE-2023-20048: A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software co
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configurati
nvd
CVE-2023-20219HIGHCVSS 8.8≥ 6.2.3, ≤ 6.2.3.18≥ 6.4.0, ≤ 6.4.0.16+5 more2023-11-01
CVE-2023-20219 [HIGH] CWE-78 CVE-2023-20219: Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC)
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vu
nvd
CVE-2023-20063HIGHCVSS 8.2≥ 6.2.3, ≤ 6.2.3.18≥ 6.4.0, ≤ 6.4.0.16+4 more2023-11-01
CVE-2023-20063 [HIGH] CWE-94 CVE-2023-20063: A vulnerability in the inter-device communication mechanisms between devices that are running Cisco
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affect
nvd
CVE-2023-20220HIGHCVSS 8.8≥ 6.2.3, ≤ 6.2.3.18≥ 6.4.0, ≤ 6.4.0.16+6 more2023-11-01
CVE-2023-20220 [HIGH] CWE-22 CVE-2023-20220: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. T
nvd