CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2019-15992 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-15992
23 Sep 2020 — A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacke... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16028 – Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-16028
23 Sep 2020 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3307 – Cisco Firepower Management Center Arbitrary Log File Write Vulnerability
https://notcve.org/view.php?id=CVE-2020-3307
06 May 2020 — A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system. Una vulnerabilidad en la Interfaz de ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alfo-tHwFDmTE • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-3301 – Cisco Firepower Management Center Static Credential Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3301
06 May 2020 — Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower Management Center (FMC) Software y el Cisco Firepower User Agent Software, podrían permitir a un atacante acceder a una parte confidencial de un sist... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-3318 – Cisco Firepower Management Center Static Credential Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3318
06 May 2020 — Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower Management Center (FMC) Software y Cisco Firepower User Agent Software, podrían permitir a un atacante acceder a una parte confidencial de un sistema... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3312 – Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3312
06 May 2020 — A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. Una vulnerabilidad en l... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-15280 – Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-15280
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other us... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-fpwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12690 – Cisco Firepower Management Center Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12690
02 Oct 2019 — A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device wi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1970 – Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1970
08 Aug 2019 — A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass • CWE-693: Protection Mechanism Failure •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-1949 – Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1949
08 Aug 2019 — A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A suc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fmc-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •