CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-3301 – Cisco Firepower Management Center Static Credential Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3301
06 May 2020 — Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower Management Center (FMC) Software y el Cisco Firepower User Agent Software, podrían permitir a un atacante acceder a una parte confidencial de un sist... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-3318 – Cisco Firepower Management Center Static Credential Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3318
06 May 2020 — Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower Management Center (FMC) Software y Cisco Firepower User Agent Software, podrían permitir a un atacante acceder a una parte confidencial de un sistema... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3312 – Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3312
06 May 2020 — A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. Una vulnerabilidad en l... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-15280 – Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-15280
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other us... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-fpwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 204EXPL: 0CVE-2019-15269 – Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-15269
16 Oct 2019 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could al... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-firepwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 204EXPL: 0CVE-2019-15268 – Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-15268
16 Oct 2019 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could al... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-firepwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1930 – Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1930
06 Jul 2019 — Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of th... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-fmc-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1931 – Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1931
06 Jul 2019 — Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of th... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-fmc-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •