Cisco Secure Firewall Management Center vulnerabilities

178 known vulnerabilities affecting cisco/secure_firewall_management_center.

Total CVEs: 178
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 56, MEDIUM 116

Vulnerabilities

CVE-2019-15992 | HIGH | CVSS 7.2 | fixed in 6.2.3.16; ≥ 6.3.0, < 6.3.0.6; +2 more | 2020-09-23
CWE-119: A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is d
nvd
CVE-2020-3318 | CRITICAL | CVSS 9.8 | v2.0.3, v2.1.0, +11 more | 2020-05-06
CWE-798: Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2020-3302 | HIGH | CVSS 8.1 | fixed in 6.2.2.2 | 2020-05-06
CWE-20: A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device
nvd
CVE-2020-3312 | HIGH | CVSS 7.5 | v6.2.3, v6.2.3.10, +3 more | 2020-05-06
CWE-284: A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending cra
nvd
CVE-2020-3313 | MEDIUM | CVSS 6.1 | fixed in 6.2.2.3 | 2020-05-06
CWE-79: A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management
nvd
CVE-2020-3301 | MEDIUM | CVSS 4.4 | v2.0.3, v2.1.0, +11 more | 2020-05-06
CWE-798: Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2020-3308 | MEDIUM | CVSS 4.9 | v6.2.2, v6.2.3 | 2020-05-06
CWE-347: A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker
nvd
CVE-2020-3311 | MEDIUM | CVSS 6.1 | fixed in 6.3.0 | 2020-05-06
CWE-601: A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request
nvd
CVE-2020-3307 | MEDIUM | CVSS 5.3 | v6.2.2, v6.2.3, +3 more | 2020-05-06
CWE-20: A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected devic
nvd
CVE-2020-3315 | MEDIUM | CVSS 5.3 | v2.9.14.4, v2.9.15, +1 more | 2020-05-06
CWE-693: Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by se
nvd
CVE-2019-1982 | MEDIUM | CVSS 5.3 | v2.9.13, v2.9.14.0, +1 more | 2019-11-05
CWE-264: A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those com
nvd
CVE-2019-1981 | MEDIUM | CVSS 5.8 | ≥ 2.9.12, ≤ 2.9.12.15; ≥ 2.9.13, ≤ 2.9.13.6; +3 more | 2019-11-05
CWE-264: A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An atta
nvd
CVE-2019-1978 | MEDIUM | CVSS 5.8 | PoC | ≥ 2.9.12, ≤ 2.9.12.15; ≥ 2.9.13, ≤ 2.9.13.6; +3 more | 2019-11-05
CWE-264: A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could e
nvd
CVE-2019-1980 | MEDIUM | CVSS 5.3 | ≥ 2.9.12, ≤ 2.9.12.15; ≥ 2.9.13, ≤ 2.9.13.6; +3 more | 2019-11-05
CWE-264: A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a n
nvd
CVE-2019-15280 | MEDIUM | CVSS 4.8 | v6.2.0, v6.2.3, +3 more | 2019-10-16
CWE-79: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based
nvd
CVE-2019-12679 | HIGH | CVSS 8.8 | v6.2.2 | 2019-10-02
CWE-89: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu
nvd
CVE-2019-12690 | HIGH | CVSS 7.2 | fixed in 6.3.0.5; ≥ 6.4.0, < 6.4.0.4 | 2019-10-02
CWE-78: A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exp
nvd
CVE-2019-12681 | HIGH | CVSS 8.8 | v6.0.0, v6.2.0, +2 more | 2019-10-02
CWE-89: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu
nvd
CVE-2019-12685 | HIGH | CVSS 8.8 | v6.2.2 | 2019-10-02
CWE-89: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu
nvd
CVE-2019-12682 | HIGH | CVSS 8.8 | v6.2.2 | 2019-10-02
CWE-89: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu
nvd