CVSS: 9.0EPSS: 72%CPEs: 20EXPL: 4CVE-2016-6433 – Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-6433
05 Oct 2016 — The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. El Threat Management Console en Cisco Firepower Management Center 5.2.0 hasta la versión 6.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de parámetros de aplicación web manipulados, vulnerabilidad también conocida como Bug ID CSCva30872. Cisco Firepower Threat ... • https://packetstorm.news/files/id/140467 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-6434 – Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
https://notcve.org/view.php?id=CVE-2016-6434
05 Oct 2016 — Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener información sensible aprovechando el acceso CLI, vulnerabilidad también conocida como Bug ID CSCva30370. Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco F... • https://packetstorm.news/files/id/138986 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 55%CPEs: 1EXPL: 3CVE-2016-6435 – Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2016-6435
05 Oct 2016 — The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. La consola web en Cisco Firepower Management Center 6.0.1 permite a usuarios remotos autenticados leer archivos arbitrarios a través de parámetros manipulados, vulnerabilidad también conocida como Bug ID CSCva30376. Cisco Firepower Threat Management Console suffers from a local file inclusion vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/bui... • https://packetstorm.news/files/id/181052 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6365
https://notcve.org/view.php?id=CVE-2016-6365
23 Aug 2016 — Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. Vulnerabilidad XSS en Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1 y 5.4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug IDs C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1457
https://notcve.org/view.php?id=CVE-2016-1457
18 Aug 2016 — The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. La GUI basada en web en Cisco Firepower Management Center 4.x y 5.x en versiones anteriores a 5.3.1.2 y 5.4.x en versiones anteriores a ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1458
https://notcve.org/view.php?id=CVE-2016-1458
18 Aug 2016 — The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. La GUI basada en web en Cisco Firepower Management Center 4.x y 5.x en versiones anterio... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1431
https://notcve.org/view.php?id=CVE-2016-1431
18 Jun 2016 — Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. Vulnerabilidad de XSS en Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1 y 5.4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como Bug ID CSCur25516. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-1413
https://notcve.org/view.php?id=CVE-2016-1413
28 May 2016 — The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. La interfaz web en Cisco Firepower Management Center 5.4.0 hasta la versión 6.0.0.1 permite a usuarios remotos autenticados modificar páginas colocando código manipulado en un valor de parámetro, también conocida como Bug ID CSCuy76517. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2016-1342
https://notcve.org/view.php?id=CVE-2016-1342
26 Feb 2016 — The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. La página de inicio de sesión del dispositivo en Cisco FirePOWER Management Center 5.3 hasta la versión 6.0.0.1 permite a atacantes remotos obtener información potencialmente sensible de la versión de software mediante la lectura de los archivos de ayuda, también conocida como Bug ID CSCuy36654. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-fmc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6411
https://notcve.org/view.php?id=CVE-2015-6411
15 Dec 2015 — Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. Cisco FirePOWER Management Center 5.4.1.3, 6.0.0 y 6.0.1 proporciona respuestas detalladas a las solicitudes de los archivos de ayuda, lo que permite a atacantes remotos obtener información de la versión potencialmente sensible mediante la lectura de un campo... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •