CVSS: 4.8EPSS: 0%CPEs: 204EXPL: 0CVE-2019-15269 – Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-15269
16 Oct 2019 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could al... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-firepwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 204EXPL: 0CVE-2019-15268 – Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-15268
16 Oct 2019 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could al... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-firepwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2019-12627 – Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-12627
21 Aug 2019 — A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. Una vulnerabilidad en la configuración de... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 221EXPL: 0CVE-2018-0365
https://notcve.org/view.php?id=CVE-2018-0365
21 Jun 2018 — A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow t... • http://www.securityfocus.com/bid/104519 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 34EXPL: 0CVE-2018-0254
https://notcve.org/view.php?id=CVE-2018-0254
19 Apr 2018 — A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability is due to incorrect counting of the percentage of dropped traffic. An attacker could exploit this vulnerability by sending network traffic to a targeted device. An exploit could allow the attacker to bypass configured file action pol... • http://www.securityfocus.com/bid/103940 • CWE-693: Protection Mechanism Failure •