CVSS: 4.8EPSS: 0%CPEs: 42EXPL: 0CVE-2024-20364
https://notcve.org/view.php?id=CVE-2024-20364
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 85EXPL: 0CVE-2024-20300 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20300
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs •
CVSS: 5.5EPSS: 0%CPEs: 86EXPL: 0CVE-2024-20274 – Cisco Secure Firewall Management Center HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-20274
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-nfJeYHxz •
CVSS: 6.4EPSS: 0%CPEs: 83EXPL: 0CVE-2024-20273 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20273
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful explo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs •
CVSS: 4.8EPSS: 0%CPEs: 83EXPL: 0CVE-2024-20269 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20269
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs •
CVSS: 8.2EPSS: 0%CPEs: 13EXPL: 0CVE-2023-20063 – Cisco Cisco Firepower Threat Defense Software and Cisco Firepower Management Center Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-20063
01 Nov 2023 — A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fmc-code-inj-wSHrgz8L • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20220
https://notcve.org/view.php?id=CVE-2023-20220
01 Nov 2023 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabili... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-20219
https://notcve.org/view.php?id=CVE-2023-20219
01 Nov 2023 — Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 8EXPL: 2CVE-2023-20048 – Cisco Firepower Management Center Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-20048
01 Nov 2023 — A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and s... • https://packetstorm.news/files/id/177562 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20005
https://notcve.org/view.php?id=CVE-2023-20005
01 Nov 2023 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interf... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-sK2gkfvJ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •