CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1238 – Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1238
13 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-stored-xss-djKfCzf2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2021-1236 – Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1236
13 Jan 2021 — Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protec... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.8EPSS: 0%CPEs: 48EXPL: 0CVE-2021-1224 – Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1224
13 Jan 2021 — Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A succes... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-1223 – Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1223
13 Jan 2021 — Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. Múltiples productos de... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-693: Protection Mechanism Failure •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3557 – Cisco Firepower Management Center Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3557
21 Oct 2020 — A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dos-3WymYWKh • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3558 – Cisco Firepower Management Center Software Open Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2020-3558
21 Oct 2020 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-redirect-NYDuSEQn • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3410 – Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3410
21 Oct 2020 — A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cacauthbyp-NCLGZm3Q • CWE-287: Improper Authentication •
CVSS: 8.6EPSS: 1%CPEs: 4EXPL: 0CVE-2020-3499 – Cisco Firepower Management Center Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3499
21 Oct 2020 — A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dos-NjYvDcLA • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3514 – Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability
https://notcve.org/view.php?id=CVE-2020-3514
21 Oct 2020 — A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-container-esc-FmYqFBQV • CWE-216: DEPRECATED: Containment Errors (Container Errors) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3515 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3515
21 Oct 2020 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-6VqH4rpZ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •