CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3550 – Cisco Firepower Management Center Software and Firepower Threat Defense Software Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-3550
21 Oct 2020 — A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-conn... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dirtrav-NW8XcuSB • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2020-3299 – Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3299
21 Oct 2020 — Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious p... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-693: Protection Mechanism Failure •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3308 – Cisco Firepower Threat Defense Software Signature Verification Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3308
06 May 2020 — A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2020-3306 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DHCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3306
06 May 2020 — A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affe... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-qk8cTGLz • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2020-3305 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3305
06 May 2020 — A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affec... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-P43GCE5j • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2020-3303 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3303
06 May 2020 — A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on th... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-BqYFRJt9 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3253 – Cisco Firepower Threat Defense Software Shell Access Vulnerability
https://notcve.org/view.php?id=CVE-2020-3253
06 May 2020 — A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root acc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-shell-9rhJF68K • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3334 – Cisco Firepower 2100 Series Security Appliances ARP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3334
06 May 2020 — A vulnerability in the ARP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of ARP packets received by the management interface of an affected device. An attacker could exploit th... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2100-arp-dos-kLdCK8ks • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 0%CPEs: 23EXPL: 0CVE-2020-3315 – Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3315
06 May 2020 — Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-668: Exposure of Resource to Wrong Sphere CWE-693: Protection Mechanism Failure •
CVSS: 7.7EPSS: 0%CPEs: 18EXPL: 0CVE-2019-12700 – Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12700
02 Oct 2019 — A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultan... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos • CWE-400: Uncontrolled Resource Consumption •