CVSS: 6.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-1489 – Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1489
29 Apr 2021 — A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker t... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-dos-nFES8xTN • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1369 – Cisco Firepower Device Manager On-Box Software XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2021-1369
29 Apr 2021 — A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-xxe-zR7sxPfs • CWE-611: Improper Restriction of XML External Entity Reference •