CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6673
https://notcve.org/view.php?id=CVE-2017-6673
13 Jun 2017 — A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-fmc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6368
https://notcve.org/view.php?id=CVE-2016-6368
20 Apr 2017 — A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit... • http://www.securityfocus.com/bid/97932 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3885
https://notcve.org/view.php?id=CVE-2017-3885
07 Apr 2017 — A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic... • http://www.securityfocus.com/bid/97451 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3847
https://notcve.org/view.php?id=CVE-2017-3847
22 Feb 2017 — A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1. Una vulnerabilidad en el marco web de Cisco Firepower Management Center podría permitir a un atacante remoto autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz web. Más Información: CSCvc72741. • http://www.securityfocus.com/bid/96253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3809
https://notcve.org/view.php?id=CVE-2017-3809
03 Feb 2017 — A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0. Una vulnerabilidad en el módulo de implementación de Políticas de Cisco Firepower Management Center (FMC) podría permitir que un atacante remoto no autenticado prevenga el despliegue de una base de reglas... • http://www.securityfocus.com/bid/95941 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-3814
https://notcve.org/view.php?id=CVE-2017-3814
03 Feb 2017 — A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. Una vulnerabilidad en Cisco Firepower System Software podría permitir a un atacante remoto no autenticado eludir maliciosamente la capacidad del aparato para bloquear ciertos contenidos web, vulnerabilidad también conocida como un UR... • http://www.securityfocus.com/bid/95942 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2016-9193
https://notcve.org/view.php?id=CVE-2016-9193
14 Dec 2016 — A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0. Una vulnerab... • http://www.securityfocus.com/bid/94801 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2016-6439
https://notcve.org/view.php?id=CVE-2016-6439
27 Oct 2016 — A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a D... • http://www.securityfocus.com/bid/93787 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6419
https://notcve.org/view.php?id=CVE-2016-6419
05 Oct 2016 — SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. Vulnerabilidad de inyección SQL en Cisco Firepower Management Center 4.10.3 hasta la versión 5.4.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como Bug ID CSCur25485. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-6434 – Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
https://notcve.org/view.php?id=CVE-2016-6434
05 Oct 2016 — Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener información sensible aprovechando el acceso CLI, vulnerabilidad también conocida como Bug ID CSCva30370. Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco F... • https://packetstorm.news/files/id/138986 • CWE-287: Improper Authentication •