CVSS: 8.6EPSS: 0%CPEs: 9EXPL: 0CVE-2017-12245
https://notcve.org/view.php?id=CVE-2017-12245
05 Oct 2017 — A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine ha... • http://www.securityfocus.com/bid/101118 • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2017-6717
https://notcve.org/view.php?id=CVE-2017-6717
04 Jul 2017 — A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podría permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la i... • http://www.securityfocus.com/bid/99217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3885
https://notcve.org/view.php?id=CVE-2017-3885
07 Apr 2017 — A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic... • http://www.securityfocus.com/bid/97451 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3809
https://notcve.org/view.php?id=CVE-2017-3809
03 Feb 2017 — A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0. Una vulnerabilidad en el módulo de implementación de Políticas de Cisco Firepower Management Center (FMC) podría permitir que un atacante remoto no autenticado prevenga el despliegue de una base de reglas... • http://www.securityfocus.com/bid/95941 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-3814
https://notcve.org/view.php?id=CVE-2017-3814
03 Feb 2017 — A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. Una vulnerabilidad en Cisco Firepower System Software podría permitir a un atacante remoto no autenticado eludir maliciosamente la capacidad del aparato para bloquear ciertos contenidos web, vulnerabilidad también conocida como un UR... • http://www.securityfocus.com/bid/95942 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2016-9193
https://notcve.org/view.php?id=CVE-2016-9193
14 Dec 2016 — A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0. Una vulnerab... • http://www.securityfocus.com/bid/94801 • CWE-20: Improper Input Validation •