CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2019-15270 – Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-15270
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Firepower Management Center (FMC), podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-firepwr-stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 204EXPL: 0CVE-2019-15269 – Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-15269
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Firepower Management Center (FMC), podrían permitir a un atacante remoto autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-firepwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 204EXPL: 0CVE-2019-15268 – Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-15268
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Firepower Management Center (FMC), podrían permitir a un atacante remoto autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-firepwr-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 211EXPL: 0CVE-2019-1649 – Cisco Secure Boot Hardware Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-1649
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. • http://www.securityfocus.com/bid/108350 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot https://www.kb.cert.org/vuls/id/400865 https://www.us-cert.gov/ics/advisories/icsa-20-072-03 • CWE-284: Improper Access Control CWE-667: Improper Locking •
CVSS: 8.8EPSS: 0%CPEs: 221EXPL: 0CVE-2018-0365
https://notcve.org/view.php?id=CVE-2018-0365
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750. • http://www.securityfocus.com/bid/104519 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •