CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6380
https://notcve.org/view.php?id=CVE-2015-6380
24 Nov 2015 — An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. Una secuencia de comandos no especificada en la interfaz web en Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios a través de parámetros manipulados, también ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6368
https://notcve.org/view.php?id=CVE-2015-6368
19 Nov 2015 — Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a atacantes remotos leer archivos a través de peticiones HTTP manipuladas, también conocido como Bug ID CSCux10608. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-firepower • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6369
https://notcve.org/view.php?id=CVE-2015-6369
19 Nov 2015 — The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. El controlador USB en Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a atacantes físicamente próximos provocar una denegación de servicio a través de un dispositivo USB manipulado que desencadena comandos USB no vál... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6370
https://notcve.org/view.php?id=CVE-2015-6370
19 Nov 2015 — The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. El componente Management I/O (MIO) en Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a usuarios locales ejecutar comandos SO arbitrarios como root a través de una entrada CLI manipulada, también conocido como Bug ID CSCux10578. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6371
https://notcve.org/view.php?id=CVE-2015-6371
19 Nov 2015 — Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a usuarios remotos autenticados leer archivos arbitrarios a través de parámetros manipulados en secuencias de comandos no especificadas, también conocido como Bug ID CSCux10621. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6374
https://notcve.org/view.php?id=CVE-2015-6374
19 Nov 2015 — The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. La interfaz web en Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 no restringe adecuadamente el uso de elementos IFRAME, lo que hace más fácil para atacantes remotos ll... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower4 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6372
https://notcve.org/view.php?id=CVE-2015-6372
18 Nov 2015 — Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614. Vulnerabilidad de XSS en la interfaz de gestión basada en web en Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6373
https://notcve.org/view.php?id=CVE-2015-6373
18 Nov 2015 — Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. Vulnerabilidad de CSRF en Cisco Firepower Extensible Operating System 1.1(1.160) en dispositivos Firepower 9000 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocida como Bug ID CSCux10611. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4287
https://notcve.org/view.php?id=CVE-2015-4287
29 Jul 2015 — Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. Vulnerabilidad en Cisco Firepower Extensible Operating System 1.1(1.86) en dispositivos Firepower 9000, permite a atacantes remotos evadir la restricción destinada al acceso y obtener información sensible del dispositivo visitando una página web no especificada, tambié... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40136 • CWE-264: Permissions, Privileges, and Access Controls •