
CVE-2017-6766
https://notcve.org/view.php?id=CVE-2017-6766
07 Aug 2017 — A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker ... • https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652 • CWE-310: Cryptographic Issues •

CVE-2017-6735
https://notcve.org/view.php?id=CVE-2017-6735
10 Jul 2017 — A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. Una vulnerabilidad en la funcionalidad backup y restore de Cisco FireSIGHT System Software, podría permitir a un atacante local autenticado ejecutar código arbitrario en un sistema destino. Más información: CSCvc91092. • http://www.securityfocus.com/bid/99460 • CWE-20: Improper Input Validation •

CVE-2016-6471
https://notcve.org/view.php?id=CVE-2016-6471
14 Dec 2016 — A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6. Una vulnerabilidad la interfaz de administración basada en web de Cisco Firepower Management Center funcionando con el software FireSIGHT System puede permitir a un atacante remoto no autenticado ver la Remote Storage Password. Más informac... • http://www.securityfocus.com/bid/94805 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-9193
https://notcve.org/view.php?id=CVE-2016-9193
14 Dec 2016 — A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0. Una vulnerab... • http://www.securityfocus.com/bid/94801 • CWE-20: Improper Input Validation •

CVE-2016-6460
https://notcve.org/view.php?id=CVE-2016-6460
19 Nov 2016 — A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Kno... • http://www.securityfocus.com/bid/94359 • CWE-254: 7PK - Security Features •

CVE-2016-6417
https://notcve.org/view.php?id=CVE-2016-6417
05 Oct 2016 — Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. Vulnerabilidad de CSRF en Cisco FireSIGHT System Software 4.10.2 hasta la versión 6.1.0 y Firepower Management Center permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, vulnerabilidad también conocida como Bug ID CSCva21636. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2016-6420
https://notcve.org/view.php?id=CVE-2016-6420
05 Oct 2016 — Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. Cisco FireSIGHT System Software 4.10.3 hasta la versión 5.4.0 en Firepower Management Center permite a usuarios remotos autenticados eludir comprobaciones de autorización y obtener privilegios a través de una petición HTTP manipulada, vulnerabilidad también conocida como Bug ID CSCur25467. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVE-2016-6411
https://notcve.org/view.php?id=CVE-2016-6411
24 Sep 2016 — Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585. Cisco Firepower Management Center y FireSIGHT System Software 6.0.1 maneja de forma incorrecta las comparaciones entre URLs y certificados X.509, lo que permite a atacantes remotos eludir configuraciones destinadas al no-descifrado a través de una URL manipulada, vuln... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc • CWE-20: Improper Input Validation •

CVE-2016-6394
https://notcve.org/view.php?id=CVE-2016-6394
12 Sep 2016 — Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. Vulnerabilidad de fijación de sesión en Cisco Firepower Management Center y Cisco FireSIGHT System Software hasta la versión 6.1.0 permite a atacantes remotos secuestrar sesiones web a través de un identificador de sesión, vulnerabilidad también conocida como Bug ID CSCuz80503. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2016-6395
https://notcve.org/view.php?id=CVE-2016-6395
12 Sep 2016 — Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. Vulnerabilidad de XSS en la interfaz de administración basada en web en Cisco Firepower Management Center en versiones anteriores a 6.1 y FireSIGHT System Software en versiones anteriores a 6.1 permite a usuarios remotos autentic... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •