Page 19 of 100 results (0.018 seconds)

CVSS: 9.0EPSS: 24%CPEs: 20EXPL: 2

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. El Threat Management Console en Cisco Firepower Management Center 5.2.0 hasta la versión 6.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de parámetros de aplicación web manipulados, vulnerabilidad también conocida como Bug ID CSCva30872. Cisco Firepower Threat Management Console suffers from a remote command execution vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected. • https://www.exploit-db.com/exploits/40463 https://www.exploit-db.com/exploits/41041 http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc http://www.securityfocus.com/bid/93414 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener información sensible aprovechando el acceso CLI, vulnerabilidad también conocida como Bug ID CSCva30370. Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected. • https://www.exploit-db.com/exploits/40465 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1 http://www.securityfocus.com/bid/93412 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. Vulnerabilidad de inyección SQL en Cisco Firepower Management Center 4.10.3 hasta la versión 5.4.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como Bug ID CSCur25485. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc http://www.securityfocus.com/bid/93206 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. Vulnerabilidad XSS en Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1 y 5.4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug IDs CSCur25508 y CSCur25518. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc http://www.securityfocus.com/bid/92510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. La GUI basada en web en Cisco Firepower Management Center 4.x y 5.x en versiones anteriores a 5.3.1.2 y 5.4.x en versiones anteriores a 5.4.0.1 y Cisco Adaptive Security Appliance (ASA) Software en dispositivos 5500-X con FirePOWER Services 4.x y 5.x en versiones anteriores a 5.3.1.2 y 5.4.x en versiones anteriores a 5.4.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios como root a través de peticiones HTTP manipuladas, también conocido como Bug ID CSCur25513. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc http://www.securityfocus.com/bid/92509 http://www.securitytracker.com/id/1036642 • CWE-264: Permissions, Privileges, and Access Controls •