CVE-2018-0233
https://notcve.org/view.php?id=CVE-2018-0233
A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition. • http://www.securityfocus.com/bid/103930 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-6715
https://notcve.org/view.php?id=CVE-2017-6715
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6. Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podría permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz web. • http://www.securityfocus.com/bid/99209 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-6716
https://notcve.org/view.php?id=CVE-2017-6716
A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6. Una vulnerabilidad en el código del framework web de Firepower Management Center de Cisco, podría permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz web de un sistema afectado. • http://www.securityfocus.com/bid/99220 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-6717
https://notcve.org/view.php?id=CVE-2017-6717
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podría permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz web. • http://www.securityfocus.com/bid/99217 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3814
https://notcve.org/view.php?id=CVE-2017-3814
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. Una vulnerabilidad en Cisco Firepower System Software podría permitir a un atacante remoto no autenticado eludir maliciosamente la capacidad del aparato para bloquear ciertos contenidos web, vulnerabilidad también conocida como un URL Bypass. Más Información: CSCvb93980. • http://www.securityfocus.com/bid/95942 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1 • CWE-20: Improper Input Validation •