CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2021-1488 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1488
29 Apr 2021 — A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to i... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-cmdinj-TKyQfDcU • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-1476 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1476
29 Apr 2021 — A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful expl... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-cmd-inj-SELprvG • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1445 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1445
29 Apr 2021 — Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to relo... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3554 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3554
21 Oct 2020 — A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resourc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-QFcNEPfx • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 93%CPEs: 10EXPL: 5CVE-2020-3580 – Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2020-3580
21 Oct 2020 — Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading ... • https://github.com/adarshvs/CVE-2020-3580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3581 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3581
21 Oct 2020 — Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3599 – Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-3599
21 Oct 2020 — A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to exec... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-rxss-L54Htxp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-3585 – Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability
https://notcve.org/view.php?id=CVE-2020-3585
21 Oct 2020 — A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the de... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-tls-bb-2g9uWkP • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3583 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3583
21 Oct 2020 — Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3582 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3582
21 Oct 2020 — Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •