CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-1671 – Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1671
07 Feb 2019 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously c... • http://www.securityfocus.com/bid/106927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 2CVE-2019-1642 – Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1642
23 Jan 2019 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a... • https://packetstorm.news/files/id/151366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-15458 – Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15458
10 Jan 2019 — A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by ... • http://www.securityfocus.com/bid/106516 • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-0385
https://notcve.org/view.php?id=CVE-2018-0385
16 Jul 2018 — A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to ... • http://www.securityfocus.com/bid/104727 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0383
https://notcve.org/view.php?id=CVE-2018-0383
16 Jul 2018 — A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly handles FTP control connections. An attacker could exploit this vulnerability by sending a maliciously crafted FTP connection to transfer a file to an affected device. A successful exploit could allow the attacker to ... • http://www.securityfocus.com/bid/104726 • CWE-693: Protection Mechanism Failure •