Lucene search
K

204 matches found

CVE
CVE
added 2024/05/22 4:54 p.m.86 views

CVE-2024-20355

CVE-2024-20355 affects Cisco ASA/FTD SAML SSO. The issue stems from improper separation of authorization domains, allowing an authenticated remote user to reuse a SAML token to access a tunnel group they are not authorized for, enabling a remote VPN session to secured networks behind the device. ...

5CVSS6.8AI score0.00333EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/22 4:54 p.m.23 views

CVE-2024-20361

A vulnerability in the Object Groups for Access Control Lists ACLs feature of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense FTD Software. This...

5.8CVSS5.8AI score0.00395EPSS
Exploits0References1
CVE
CVE
added 2024/05/22 4:54 p.m.66 views

CVE-2024-20361

Cisco CVE-2024-20361 affects Firepower Management Center (FMC) Software, enabling an unauthenticated remote attacker to bypass access controls on managed Firepower Threat Defense (FTD) devices. The root cause is the incorrect deployment of the Object Groups for ACLs feature from FMC to FTD in hig...

5.8CVSS7AI score0.00395EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/22 4:53 p.m.22 views

CVE-2024-20261

A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a...

5.8CVSS7.1AI score0.0037EPSS
Exploits0References1
Cisco
Cisco
added 2024/05/22 4:0 p.m.32 views

Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability

A vulnerability in the Object Groups for Access Control Lists ACLs feature of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense FTD Software. This...

5.8CVSS5.8AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/24 6:16 p.m.45 views

CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...

6CVSS6.4AI score0.19434EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2024/04/24 12:0 a.m.42 views

CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...

6CVSS7.2AI score0.19434EPSS
In wildExploits1References2
OSV
OSV
added 2023/12/12 6:15 p.m.4 views

CVE-2023-20275

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper...

4.3CVSS5.8AI score0.00412EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.24 views

Multiple Cisco Products Snort FTP Inspection Bypass (cisco-sa-snort-ftd-zXYtnjOM) (CSCwb69096)

According to its self-reported version, Cisco FTD Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

5.8CVSS5.8AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 2023/11/01 6:15 p.m.27 views

CVE-2023-20264

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 6:15 p.m.49 views

CVE-2023-20031

A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs whe...

5.4CVSS5.2AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 6:15 p.m.21 views

CVE-2023-20042

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...

8.6CVSS7.1AI score0.00675EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 5:15 p.m.31 views

CVE-2023-20244

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handli...

8.6CVSS8.6AI score0.00774EPSS
Exploits0References1
Prion
Prion
added 2023/11/01 5:15 p.m.29 views

Design/Logic Flaw

A vulnerability in the interaction between the Server Message Block SMB protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service DoS conditi...

5CVSS5.8AI score0.00668EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/01 5:15 p.m.21 views

Race condition

A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper processing of ICMPv6 messages. A...

5CVSS7.5AI score0.00652EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/11/01 5:11 p.m.27 views

CVE-2023-20063 Cisco Cisco Firepower Threat Defense Software and Cisco Firepower Management Center Code Injection Vulnerability

A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense FTD Software and devices that are running Cisco Firepower Management FMC Software could allow an authenticated, local attacker to execute arbitrary commands with root...

8.2CVSS8.5AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2023/11/01 5:10 p.m.91 views

CVE-2023-20264

Cisco ASA/FTD SAML SSO implementation flaw allows an unauthenticated attacker to intercept a user’s SAML assertion during remote VPN authentication due to insufficient login URL validation. An attacker can entice a user to visit a site under the attacker’s control, modify the login URL, and use t...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/01 5:3 p.m.85 views

CVE-2023-20031

The CVE-2023-20031 issue affects Cisco Firepower Threat Defense (FTD) with Snort 3, where a logic error in SSL/TLS certificate handling during SSL handshake under load can be exploited by a high rate of connection requests to cause the Snort 3 engine to reload. Consequences documented include pot...

5.4CVSS5.6AI score0.00283EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/01 4:51 p.m.83 views

CVE-2023-20270

CVE-2023-20270 concerns Cisco Firepower Threat Defense Software where the SMB protocol preprocessor and Snort 3 detection engine interaction is flawed due to improper error-checking when processing SMB traffic. An unauthenticated, remote attacker could send crafted SMB streams to bypass policies ...

5.8CVSS5.9AI score0.00668EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/01 4:50 p.m.84 views

CVE-2023-20244

CVE-2023-20244 affects Cisco Firepower Threat Defense (FTD) on Cisco Firepower 2100 Series, with vulnerable internal packet processing in the inspection engine. The issue allows an unauthenticated, remote attacker to trigger a DoS by sending crafted packets, potentially depleting all 9,472-byte b...

8.6CVSS8.4AI score0.00774EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder