CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3515 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3515
21 Oct 2020 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-6VqH4rpZ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3549 – Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability
https://notcve.org/view.php?id=CVE-2020-3549
21 Oct 2020 — A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-sft-mitm-tc8AzFs2 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3553 – Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3553
21 Oct 2020 — Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-6VqH4rpZ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3320 – Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-3320
08 Oct 2020 — A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by first entering input within the web-based management interface and t... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yLrjqqU • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •