CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2016-6439
https://notcve.org/view.php?id=CVE-2016-6439
27 Oct 2016 — A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a D... • http://www.securityfocus.com/bid/93787 • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 72%CPEs: 20EXPL: 4CVE-2016-6433 – Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-6433
05 Oct 2016 — The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. El Threat Management Console en Cisco Firepower Management Center 5.2.0 hasta la versión 6.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de parámetros de aplicación web manipulados, vulnerabilidad también conocida como Bug ID CSCva30872. Cisco Firepower Threat ... • https://packetstorm.news/files/id/140467 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-1413
https://notcve.org/view.php?id=CVE-2016-1413
28 May 2016 — The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. La interfaz web en Cisco Firepower Management Center 5.4.0 hasta la versión 6.0.0.1 permite a usuarios remotos autenticados modificar páginas colocando código manipulado en un valor de parámetro, también conocida como Bug ID CSCuy76517. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2016-1342
https://notcve.org/view.php?id=CVE-2016-1342
26 Feb 2016 — The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. La página de inicio de sesión del dispositivo en Cisco FirePOWER Management Center 5.3 hasta la versión 6.0.0.1 permite a atacantes remotos obtener información potencialmente sensible de la versión de software mediante la lectura de los archivos de ayuda, también conocida como Bug ID CSCuy36654. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-fmc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6411
https://notcve.org/view.php?id=CVE-2015-6411
15 Dec 2015 — Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. Cisco FirePOWER Management Center 5.4.1.3, 6.0.0 y 6.0.1 proporciona respuestas detalladas a las solicitudes de los archivos de ayuda, lo que permite a atacantes remotos obtener información de la versión potencialmente sensible mediante la lectura de un campo... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •