Cisco Secure Firewall Management Center vulnerabilities

CVE-2019-12683 [HIGH] CWE-89 CVE-2019-12683: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu

CVE-2019-12687 [HIGH] CWE-119 CVE-2019-12687: A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenti A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow

CVE-2019-12688 [HIGH] CWE-119 CVE-2019-12688: A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenti A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow

CVE-2019-12684 [HIGH] CWE-89 CVE-2019-12684: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu

CVE-2019-12686 [HIGH] CWE-89 CVE-2019-12686: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu

CVE-2019-12689 [HIGH] CWE-20 CVE-2019-12689: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending mal

CVE-2019-12680 [HIGH] CWE-89 CVE-2019-12680: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL qu

CVE-2019-12691 [MEDIUM] CWE-22 CVE-2019-12691: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Sof A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerabi

CVE-2019-12700 [MEDIUM] CWE-400 CVE-2019-12700: A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Fire A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource ma

CVE-2019-1970 [HIGH] CWE-693 CVE-2019-1970: A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker

CVE-2019-1949 [MEDIUM] CWE-79 CVE-2019-1949: A vulnerability in the web-based management interface of Cisco Firepower Management Center could all A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based ma

CVE-2019-1930 [MEDIUM] CWE-79 CVE-2019-1930: Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepow Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation o

CVE-2019-1931 [MEDIUM] CWE-79 CVE-2019-1931: Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepow Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation o

CVE-2019-1832 [HIGH] CWE-693 CVE-2019-1832: A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies. The vulnerability is due to improper validation of ICMP packets. An attacker could exploit this vulnerability by sending crafted ICMP packets to the affected device. A succ

CVE-2019-1833 [MEDIUM] CWE-693 CVE-2019-1833: A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to improper parsing of specific attributes in a TLS packet header. An attacker could exploit this vulner

CVE-2019-1699 [HIGH] CWE-78 CVE-2019-1699: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authentic A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allo

CVE-2019-1709 [HIGH] CWE-78 CVE-2019-1709: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authentic A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allo

CVE-2019-1696 [HIGH] CWE-400 CVE-2019-1696: Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine fo Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2019-1802 [MEDIUM] CWE-79 CVE-2019-1802: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) cou A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input in the web-ba

CVE-2019-1671 [MEDIUM] CWE-79 CVE-2019-1671: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) cou A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-