8 matches found
CVE-2022-20744
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a...
The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a hacker to read or rewrite any arbitrary files.
The vulnerability of the web interface for managing Cisco Firepower Management Center FMC software involves deficiencies in path name checking for the directory. Exploiting this vulnerability allows a malicious actor to read or re-record arbitrary files using specially created HTTPS requests...
PT-2021-7515 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attack...
CVE-2021-1267
A vulnerability in the dashboard widget of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit th...
CVE-2019-12685
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...
CVE-2018-0365
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
CVE-2016-6419
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485...
CVE-2016-6411
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...