CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1699 – Cisco Firepower Threat Defense Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1699
03 May 2019 — A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. Una vulnerabilidad en la CLI del software Firepower Threat Defense (FTD) de Cisco, podría permitir ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-ftd-cmd-inject • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-1671 – Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1671
07 Feb 2019 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously c... • http://www.securityfocus.com/bid/106927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-0385
https://notcve.org/view.php?id=CVE-2018-0385
16 Jul 2018 — A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to ... • http://www.securityfocus.com/bid/104727 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0384
https://notcve.org/view.php?id=CVE-2018-0384
16 Jul 2018 — A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A success... • http://www.securityfocus.com/bid/104725 • CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 221EXPL: 0CVE-2018-0365
https://notcve.org/view.php?id=CVE-2018-0365
21 Jun 2018 — A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow t... • http://www.securityfocus.com/bid/104519 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0283
https://notcve.org/view.php?id=CVE-2018-0283
02 May 2018 — A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit coul... • http://www.securityfocus.com/bid/104121 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0281
https://notcve.org/view.php?id=CVE-2018-0281
02 May 2018 — A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affe... • http://www.securityfocus.com/bid/104096 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0278
https://notcve.org/view.php?id=CVE-2018-0278
02 May 2018 — A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit ... • http://www.securityfocus.com/bid/104122 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0233
https://notcve.org/view.php?id=CVE-2018-0233
19 Apr 2018 — A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connecti... • http://www.securityfocus.com/bid/103930 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 9EXPL: 0CVE-2017-12245
https://notcve.org/view.php?id=CVE-2017-12245
05 Oct 2017 — A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine ha... • http://www.securityfocus.com/bid/101118 • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •