CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0384
https://notcve.org/view.php?id=CVE-2018-0384
16 Jul 2018 — A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A success... • http://www.securityfocus.com/bid/104725 • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-0385
https://notcve.org/view.php?id=CVE-2018-0385
16 Jul 2018 — A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to ... • http://www.securityfocus.com/bid/104727 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 221EXPL: 0CVE-2018-0365
https://notcve.org/view.php?id=CVE-2018-0365
21 Jun 2018 — A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow t... • http://www.securityfocus.com/bid/104519 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0233
https://notcve.org/view.php?id=CVE-2018-0233
19 Apr 2018 — A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connecti... • http://www.securityfocus.com/bid/103930 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-12300
https://notcve.org/view.php?id=CVE-2017-12300
16 Nov 2017 — A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the at... • http://www.securityfocus.com/bid/101862 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2017-12244
https://notcve.org/view.php?id=CVE-2017-12244
05 Oct 2017 — A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An e... • http://www.securityfocus.com/bid/101119 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 9EXPL: 0CVE-2017-12245
https://notcve.org/view.php?id=CVE-2017-12245
05 Oct 2017 — A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine ha... • http://www.securityfocus.com/bid/101118 • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2017-6715
https://notcve.org/view.php?id=CVE-2017-6715
04 Jul 2017 — A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6. Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podría permitir a un atacante remoto identificado conducir un ataque de tipo cross-... • http://www.securityfocus.com/bid/99209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2017-6716
https://notcve.org/view.php?id=CVE-2017-6716
04 Jul 2017 — A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6. Una vulnerabilidad en el código del framework web de Firepower Management Center de Cisco, podría permitir a un atacante ... • http://www.securityfocus.com/bid/99220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2017-6717
https://notcve.org/view.php?id=CVE-2017-6717
04 Jul 2017 — A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podría permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la i... • http://www.securityfocus.com/bid/99217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •