Page 11 of 83 results (0.011 seconds)

CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. Una vulnerabilidad en la implementación del intérprete Lua integrado en Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software, podría permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios root en el sistema operativo Linux subyacente de un dispositivo afectado. La vulnerabilidad es debido a restricciones insuficientes en las llamadas a funciones Lua permitidas dentro del contexto de los scripts Lua suministrados por el usuario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Firepower Management Center (FMC), podría permitir a un atacante remoto no autenticado omitir la autenticación y ejecutar acciones arbitrarias con privilegios administrativos en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth • CWE-287: Improper Authentication •

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. Una vulnerabilidad en la funcionalidad Image Signature Verification del Cisco Firepower Threat Defense (FTD) Software, podría permitir a un atacante remoto autenticado con credenciales de nivel de administrador instalar un parche de software malicioso sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system. Una vulnerabilidad en la Interfaz de Usuario web del Cisco Firepower Management Center (FMC) Software, podría permitir a un atacante remoto no autenticado escribir entradas arbitrarias en el archivo de registro sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alfo-tHwFDmTE • CWE-20: Improper Input Validation •

CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0

Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower Management Center (FMC) Software y el Cisco Firepower User Agent Software, podrían permitir a un atacante acceder a una parte confidencial de un sistema afectado con una cuenta muy privilegiada. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct • CWE-798: Use of Hard-coded Credentials •