Cisco Secure Firewall Management Center vulnerabilities
178 known vulnerabilities affecting cisco/secure_firewall_management_center.
Total CVEs: 178
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 0
Severity breakdown
CRITICAL 6, HIGH 56, MEDIUM 116
Vulnerabilities
CVE-2022-20935 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.0.1, +90 more | 2022-11-15
CVE-2022-20935 [MEDIUM] CWE-79 CVE-2022-20935: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input by
nvd
CVE-2022-20905 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.0.1, +90 more | 2022-11-15
CVE-2022-20905 [MEDIUM] CWE-79 CVE-2022-20905: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input by
nvd
CVE-2022-20834 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.0.1, +90 more | 2022-11-15
CVE-2022-20834 [MEDIUM] CWE-79 CVE-2022-20834: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input by
nvd
CVE-2022-20836 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.0.1, +90 more | 2022-11-15
CVE-2022-20836 [MEDIUM] CWE-79 CVE-2022-20836: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input by
nvd
CVE-2022-20838 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.0.1, +90 more | 2022-11-15
CVE-2022-20838 [MEDIUM] CWE-79 CVE-2022-20838: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input by
nvd
CVE-2022-20936 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.0.1, +90 more | 2022-11-15
CVE-2022-20936 [MEDIUM] CWE-79 CVE-2022-20936: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input by
nvd
CVE-2022-20872 | MEDIUM | CVSS 4.8 | v6.1.0, v6.1.0.1, +90 more | 2022-11-15
CVE-2022-20872 [MEDIUM] CWE-79 CVE-2022-20872: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
These vulnerabilities are due to insufficient validation of user-supplied input by
nvd
CVE-2022-20743 | HIGH | CVSS 8.8 | fixed in 6.4.0.15; ≥ 6.5.0, < 6.6.5.2; +2 more | 2022-05-03
CVE-2022-20743 [HIGH] CWE-434 CVE-2022-20743: A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An a
nvd
CVE-2022-20628 | MEDIUM | CVSS 5.4 | fixed in 6.4.0.15; ≥ 6.5.0, < 6.6.5.2; +1 more | 2022-05-03
CVE-2022-20628 [MEDIUM] CWE-79 CVE-2022-20628: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
nvd
CVE-2022-20744 | MEDIUM | CVSS 6.5 | fixed in 7.1.0 | 2022-05-03
CVE-2022-20744 [MEDIUM] CWE-807 CVE-2022-20744: A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Softwa
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerab
nvd
CVE-2022-20740 | MEDIUM | CVSS 6.1 | fixed in 6.6.5.2; ≥ 6.7.0, < 7.0.2; +1 more | 2022-05-03
CVE-2022-20740 [MEDIUM] CWE-80 CVE-2022-20740: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability
nvd
CVE-2022-20629 | MEDIUM | CVSS 5.4 | fixed in 6.4.0.15; ≥ 6.5.0, < 6.6.5.2; +1 more | 2022-05-03
CVE-2022-20629 [MEDIUM] CWE-79 CVE-2022-20629: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
nvd
CVE-2022-20627 | MEDIUM | CVSS 5.4 | fixed in 6.4.0.15; ≥ 6.5.0, < 6.6.5.2; +1 more | 2022-05-03
CVE-2022-20627 [MEDIUM] CWE-79 CVE-2022-20627: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
nvd
CVE-2021-34754 | HIGH | CVSS 7.5 | v2.9.12, v2.9.14.0, +3 more | 2021-10-27
CVE-2021-34754 [HIGH] CWE-284 CVE-2021-34754: Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic f
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attac
nvd
CVE-2021-40114 | HIGH | CVSS 7.5 | v2.9.14.0, v2.9.15, +2 more | 2021-10-27
CVE-2021-40114 [HIGH] CWE-770 CVE-2021-40114: Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine proces
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP
nvd
CVE-2021-40116 | HIGH | CVSS 7.5 | v3.1.0.1 | 2021-10-27
CVE-2021-40116 [HIGH] CWE-241 CVE-2021-40116: Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthent
Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints.
nvd
CVE-2021-34749 | HIGH | CVSS 8.6 | v2.9.18 | 2021-08-18
CVE-2021-34749 [HIGH] CWE-200 CVE-2021-34749: A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Applianc
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to
nvd
CVE-2021-1455 | MEDIUM | CVSS 4.8 | ≤ 6.4.0.11; ≥ 6.5.0, < 6.6.3; +1 more | 2021-04-29
CVE-2021-1455 [MEDIUM] CWE-79 CVE-2021-1455: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
nvd
CVE-2021-1456 | MEDIUM | CVSS 4.8 | ≤ 6.4.0.11; ≥ 6.5.0, < 6.6.3; +1 more | 2021-04-29
CVE-2021-1456 [MEDIUM] CWE-79 CVE-2021-1456: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
nvd
CVE-2021-1458 | MEDIUM | CVSS 4.8 | ≤ 6.4.0.11; ≥ 6.5.0, < 6.6.3; +1 more | 2021-04-29
CVE-2021-1458 [MEDIUM] CWE-79 CVE-2021-1458: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management inte
nvd