CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20740 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-20740
03 May 2022 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scri... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-SfpEcvGT • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20743 – Cisco Firepower Management Center File Upload Security Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-20743
03 May 2022 — A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the a... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1477 – Cisco Firepower Management Center Software Policy Vulnerability
https://notcve.org/view.php?id=CVE-2021-1477
29 Apr 2021 — A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-iac-pZDMQ4wC • CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1458 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1458
29 Apr 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1457 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1457
29 Apr 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1456 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1456
29 Apr 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1455 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1455
29 Apr 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1267 – Cisco Firepower Management Center XML Entity Expansion Vulnerability
https://notcve.org/view.php?id=CVE-2021-1267
13 Jan 2021 — A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition. Una vulnerabilidad en el widg... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xee-DFzARDcs • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1126 – Cisco Firepower Management Center Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1126
13 Jan 2021 — A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-RJdktM6f • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1239 – Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1239
13 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-stored-xss-djKfCzf2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •