CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2022-20854
https://notcve.org/view.php?id=CVE-2022-20854
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. Una vulnerabilidad en el procesamiento de conexiones SSH de Cisco Firepower Management Center (FMC) y el software Cisco Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado cause una condición de Denegación de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un manejo inadecuado de errores cuando no se puede establecer una sesión SSH. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dos-OwEunWJN • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.6EPSS: 0%CPEs: 293EXPL: 0CVE-2022-20947
https://notcve.org/view.php?id=CVE-2022-20947
A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. Una vulnerabilidad en la funcionalidad de las políticas de acceso dinámico (DAP) del software Cisco Adaptive Security Appliance (ASA) y del software Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado provoque que un dispositivo afectado se recargue, lo que resultaría en una condición de Denegación de Servicio (DoS). • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3550 – Cisco Firepower Management Center Software and Firepower Threat Defense Software Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-3550
A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device. Una vulnerabilidad en el demonio sfmgr de Cisco Firepower Management Center (FMC) Software y Cisco Firepower Threat Defense (FTD) Software, podría permitir a un atacante remoto autenticado llevar a cabo un salto de directorio y acceder a directorios fuera de la ruta restringida. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dirtrav-NW8XcuSB • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-12681 – Cisco Firepower Management Center SQL Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12681
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Múltiples vulnerabilidades en la interfaz de administración basada en web del Software Cisco Firepower Management Center (FMC), podrían permitir a un atacante remoto autenticado ejecutar inyecciones SQL arbitrarias sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-1949 – Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1949
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz de administración basada en web de Firepower Management Center de Cisco, podría permitir a un atacante remoto autenticado realizar un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web de un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fmc-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •