Update: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities

CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances ASA and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issu...

EUVD-2017-15652

Malware in sbrugna...

The vulnerability of the command-line interface of the Cisco operating system FX-OS in Cisco Firepower 1000, Firepower 2100, Firepower 4100, and Firepower 9300 Security Appliances allows a attacker to create or overwrite any file in the file system.

The vulnerability of the command-line interface of the Cisco operating system, Cisco FX-OS, in Cisco Firepower 1000, Firepower 2100, Firepower 4100, and Firepower 9300 Security Appliances, as well as the Secure Firewall 3100 Series, is related to the improper assignment of permissions for a...

Cisco NX-OS Software和Cisco FXOS Software 缓冲区错误漏洞

Cisco NX-OS Software and Cisco FXOS Software are both products of Cisco, Inc.Cisco NX-OS Software is a suite of data center-grade operating system software for use in switches.Cisco FXOS Software is a suite of firewall software that runs in Cisco security appliances. Cisco FXOS Software is a set ...

The vulnerability of the monitoring and management interface of the Cisco FXOS operating system’s Cisco Firepower network interface, which allows a attacker to perform a CSRF attack

The vulnerability of the monitoring and management interface of the Cisco OS on the Cisco Firepower network switch involves insufficient protection when entering CSRF requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

CVE-2020-3585

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in Cisco products. These include several Nexus, MDS 9000 switches, UCS and Firepower models. The vulnerabilities enable a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure...

CVE-2019-1611

A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...

CVE-2019-1597

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol LDAP feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The...

CVE-2018-0453

Cisco Firepower Management Center and Firepower System Software (FTD sensors) are affected by CVE-2018-0453. The issue stems from insufficient validation of CLI commands sent via the Sourcefire tunnel control channel, allowing an authenticated, local attacker with root privileges on at least one ...

CVE-2018-0331

A vulnerability in the Cisco Discovery Protocol formerly known as CDP subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service DoS condition. The vulnerability is due to a failure t...

CVE-2018-0314

A vulnerability in the Cisco Fabric Services CFS component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric...

PT-2018-3891 · Cisco · Cisco Ucs Fabric Interconnect +3

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software versions affected versions not specified Cisco UCS Fabric Interconnect Software versions affected versions not specified Description: A vulnerability in the CLI parser could allow an authenticated, local attacker to cause ...

CVE-2017-6597

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More...

CVE-2015-6368

Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608...