Cisco Secure Firewall Management Center

182 matches found

added 2019/07/06 1:30 a.m. | 418 views

CVE-2019-1931

Cisco Firepower Management Center (FMC) RSS dashboard suffers cross-site scripting (XSS) due to insufficient input validation in the web-based management interface. The flaws allow an unauthenticated, remote attacker to lure a user into clicking a crafted link, enabling arbitrary script execution...

6.1 CVSS | 6 AI score | 0.01057 EPSS

added 2019/07/06 1:30 a.m. | 410 views

CVE-2019-1930

Cisco Firepower Management Center (FMC) RSS dashboard web interface is affected by multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user input. An unauthenticated, remote attacker could lure a user into clicking a crafted link, potentially executing arbitrary ...

6.1 CVSS | 6 AI score | 0.01057 EPSS

added 2021/01/13 9:16 p.m. | 165 views

CVE-2021-1223

CVE-2021-1223 affects Cisco products with the Snort detection engine, where incorrect handling of HTTP range header (per Cisco/NVD wording) could allow an unauthenticated, remote attacker to bypass a configured HTTP file policy and deliver a malicious payload by sending crafted HTTP packets throu...

7.5 CVSS | 6.5 AI score | 0.01985 EPSS

added 2025/08/14 4:30 p.m. | 147 views

CVE-2025-20265

CVE-2025-20265 affects Cisco Secure Firewall Management Center (FMC) Software, via the RADIUS subsystem; unauthenticated, remote attackers can inject and execute arbitrary shell commands with high privileges when FMC is configured for RADIUS authentication on the web interface or SSH. Root cause:...

10 CVSS | 7.8 AI score | 0.14468 EPSS

added 2023/11/01 5:4 p.m. | 138 views

CVE-2023-20048

CVE-2023-20048 describes a command-injection vulnerability in Cisco Firepower Management Center (FMC) web services. An authenticated attacker with FMC credentials can send crafted HTTP requests to an affected Firepower Threat Defense (FTD) device managed by FMC to execute unauthorized configurati...

9.9 CVSS | 9.4 AI score | 0.15821 EPSS

added 2022/05/03 3:15 a.m. | 124 views

CVE-2022-20743

CVE-2022-20743 affects Cisco Firepower Management Center (FMC) Web UI. The issue stems from improper validation when uploading files via the FMC web management interface, allowing an authenticated, remote attacker to upload malicious files, store them on the device, and potentially execute arbitr...

9 CVSS | 7.8 AI score | 0.03902 EPSS

added 2021/01/13 9:16 p.m. | 123 views

CVE-2021-1224

CVE-2021-1224 affects Cisco products via a TCP Fast Open (TFO) related bypass of HTTP file policies when used with Snort. The vulnerability arises from incorrect detection of HTTP payloads that are partially contained in the TFO handshake, enabling an unauthenticated, remote attacker to deliver a...

5.8 CVSS | 5.7 AI score | 0.02005 EPSS

added 2021/10/27 6:56 p.m. | 117 views

CVE-2021-40114

CVE-2021-40114 affects multiple Cisco products via the Snort detection engine’s ICMP processing, causing DoS from improper memory/resource management when handling ICMP packets. Root cause: memory/resource management flaw in ICMP packet processing. Impact: unauthenticated remote DoS, potentially ...

7.8 CVSS | 6.9 AI score | 0.02367 EPSS

added 2022/11/10 5:29 p.m. | 109 views

CVE-2022-20918

The CVE-2022-20918 issue affects Cisco FirePOWER Software for ASA FirePOWER module, Firepower Management Center (FMC) Software, and NGIPS Software. Root cause: SNMP access controls rely on a default credential for SNMPv1/v2, enabling an unauthenticated, remote attacker to perform SNMP GET request...

7.5 CVSS | 7.5 AI score | 0.00847 EPSS

added 2026/03/04 5:17 p.m. | 107 views

CVE-2026-20131

CVE-2026-20131 affects Cisco Secure Firewall Management Center (FMC) Software via the web-based management interface. The root cause is insecure deserialization of untrusted Java byte streams, enabling an unauthenticated, remote attacker to execute arbitrary Java code as root. Affected artifacts ...

10 CVSS | 6.6 AI score | 0.27551 EPSS
In wild

added 2018/10/05 2:0 p.m. | 100 views

CVE-2018-15397

The CVE is for Cisco ASA/FTD: a vulnerability in Traffic Flow Confidentiality (TFC) over IPsec could allow an unauthenticated, remote attacker to restart the device, causing a DoS. Root cause: an error during IPsec tunnel key renegotiation when TFC traffic is in flight may crash a daemon, leading...

7.1 CVSS | 6.8 AI score | 0.01196 EPSS

added 2020/10/21 6:41 p.m. | 100 views

CVE-2020-3558

Cisco Firepower Management Center (FMC) Open Redirect vulnerability (CVE-2020-3558) arises from improper input validation of HTTP request parameters in the web-based management interface. An unauthenticated, remote attacker could intercept a user’s HTTP request and modify it to redirect the user ...

6.1 CVSS | 5.4 AI score | 0.00793 EPSS

added 2022/05/03 3:16 a.m. | 100 views

CVE-2022-20629

Cisco Firepower Management Center (FMC) Web UI suffers cross-site scripting (XSS) vulnerabilities due to insufficient validation of user input in the web-based management interface. An authenticated remote attacker could lure a user to click a crafted link, potentially executing arbitrary script ...

5.4 CVSS | 5.3 AI score | 0.00541 EPSS

added 2021/08/18 7:40 p.m. | 97 views

CVE-2021-34749

CVE-2021-34749 affects Cisco WSA/FTD and the Snort detection engine. The issue stems from inadequate filtering of the SSL handshake in the SNI data path, allowing an unauthenticated remote attacker to bypass filters and exfiltrate data from a compromised host, potentially enabling command-and-con...

8.6 CVSS | 7 AI score | 0.01684 EPSS

added 2022/05/03 3:16 a.m. | 96 views

CVE-2022-20627

Cisco Firepower Management Center (FMC) web interface contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user input. CVE-2022-20627 affects FMC and can be exploited by an authenticated, remote attacker who entices a user to click a crafted link, potenti...

5.4 CVSS | 5.3 AI score | 0.00541 EPSS

added 2022/05/03 3:20 a.m. | 95 views

CVE-2022-20744

CVE-2022-20744 affects Cisco Firepower Management Center (FMC). The issue is an input protection mechanism that relies on a specific input’s existence/value, allowing an authenticated, remote attacker to view data beyond their authorization by crafting requests to the affected device. Documented ...

6.5 CVSS | 5.3 AI score | 0.00882 EPSS

added 2019/11/05 7:35 p.m. | 93 views

CVE-2019-1981

The CVE-2019-1981 vulnerability affects Cisco Firepower Threat Defense Software (FTD), Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software. It stems from insufficient normalization of text-based payloads, enabling an unauthenticated, remote attacker to bypass...

5.8 CVSS | 5.7 AI score | 0.01042 EPSS

added 2023/11/01 5:8 p.m. | 92 views

CVE-2023-20219

CVE-2023-20219 affects Cisco Firepower Management Center (FMC) Software: multiple OS command injection vulnerabilities in the web-based management interface. An authenticated attacker with valid credentials (no admin privileges required) can craft input in the GUI to execute arbitrary commands on...

8.8 CVSS | 8.9 AI score | 0.00892 EPSS

added 2017/10/05 7:0 a.m. | 91 views

CVE-2017-12244

CVE-2017-12244 affects Cisco Firepower System Software 6.0+ where the detection engine’s IPv6 packet parsing allows an unauthenticated remote attacker to cause high CPU usage/DoS by sending crafted IPv6 extension header packets. Root cause is improper input validation in the IPv6 extension header...

8.6 CVSS | 8.5 AI score | 0.0158 EPSS

added 2021/01/13 9:17 p.m. | 91 views

CVE-2021-1236

CVE-2021-1236 affects multiple Cisco products via the Snort application detection engine. The vulnerability stems from a flaw in the detection algorithm, enabling an unauthenticated, remote attacker to bypass configured policies by sending crafted packets, potentially delivering a malicious paylo...

5.3 CVSS | 5 AI score | 0.02146 EPSS

added 2022/11/10 5:42 p.m. | 89 views

CVE-2022-20938

Cisco Firepower Management Center (FMC) Software is affected by a vulnerability in the module import function of the administrative interface, caused by insufficient validation of XML syntax when importing a module. An authenticated, remote attacker could exploit a specially crafted XML file to r...

4.3 CVSS | 4.5 AI score | 0.00524 EPSS

added 2020/05/06 4:40 p.m. | 87 views

CVE-2020-3315

CVE-2020-3315 affects multiple Cisco products via the Snort detection engine, where incorrect handling of certain HTTP responses lets unauthenticated remote attackers bypass configured file policies and deliver payloads. Public documentation in Debian/Mageia advisories notes the vulnerability in...

5.8 CVSS | 5.5 AI score | 0.02156 EPSS

added 2023/11/01 4:48 p.m. | 87 views

CVE-2023-20155

Summary: CVE-2023-20155 affects Cisco Firepower Management Center (FMC). The issue is a lack of rate-limiting on a logging API used by FMC, which can be exploited by an unauthenticated remote attacker to cause a DoS (CPU spiking to 100% and potential reload) or, with valid credentials but not Adm...

7.5 CVSS | 6.5 AI score | 0.00669 EPSS

added 2019/11/05 7:35 p.m. | 86 views

CVE-2019-1978

The CVE-2019-1978 issue affects Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software. It stems from improper stream reassembly in the stream reassembly component, allowing an unauthenticated, remote attacker to bypass f...

5.8 CVSS | 5.6 AI score | 0.09382 EPSS
Web

added 2021/01/13 9:17 p.m. | 86 views

CVE-2021-1239

CVE-2021-1239 refers to multiple stored XSS vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC). An authenticated, remote attacker could lure a user to click a crafted link, triggering arbitrary script execution or access to browser data due to inadequ...

4.8 CVSS | 5 AI score | 0.00615 EPSS

added 2022/05/03 3:16 a.m. | 86 views

CVE-2022-20628

Cisco Firepower Management Center (FMC) Software contains Cross-Site Scripting (XSS) vulnerabilities in its web-based management interface caused by insufficient input validation. An authenticated remote attacker could lure a user to click a crafted link, potentially executing arbitrary script co...

5.4 CVSS | 5.3 AI score | 0.00541 EPSS

added 2020/09/23 12:27 a.m. | 85 views

CVE-2019-15992

CVE-2019-15992 is a remote code execution vulnerability in the Lua interpreter used by Cisco ASA and Cisco FTD software. It arises from insufficient restrictions on Lua function calls in user-supplied scripts, which could allow an authenticated, remote attacker to trigger a heap overflow and exec...

9 CVSS | 7.2 AI score | 0.04122 EPSS

added 2018/05/02 10:0 p.m. | 83 views

CVE-2018-0278

Affected product/area: Cisco Firepower System Software management console. Vulnerability summary: An information-disclosure vulnerability due to improper cross-origin protections for WebSocket in the management console could allow an unauthenticated, remote attacker to retrieve policy or configur...

6.5 CVSS | 6.4 AI score | 0.02228 EPSS

added 2020/10/08 4:20 a.m. | 83 views

CVE-2020-3320

CVE-2020-3320 affects Cisco Firepower Management Center (web-based management interface). Root cause: insufficient validation of user-supplied input in the FMC web UI, enabling a cross-site scripting (XSS) attack. Exploitation requires an authenticated user to input crafted data and then persuade...

5.4 CVSS | 5.2 AI score | 0.00625 EPSS

added 2022/11/10 5:38 p.m. | 83 views

CVE-2022-20832

CVE-2022-20832 describes multiple stored XSS vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software. The flaws stem from insufficient validation of user-supplied input in the FMC web UI, enabling an authenticated remote attacker to inject crafted...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2022/11/10 5:41 p.m. | 82 views

CVE-2022-20905

CVE-2022-20905 concerns Cisco Firepower Management Center (FMC) web-based management interface. The issue is a set of stored cross-site scripting (XSS) vulnerabilities caused by insufficient validation of user-supplied input in the FMC web UI. An authenticated, remote attacker could inject crafte...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2023/11/01 5:11 p.m. | 82 views

CVE-2023-20063

Cisco Firepower Threat Defense (FTD) and Cisco Firepower Management Center (FMC) inter-device communication contains a code-injection vulnerability due to insufficient input validation. An authenticated, local attacker who gains admin privileges on an associated device can use expert mode to subm...

8.2 CVSS | 8.4 AI score | 0.00234 EPSS

added 2022/05/03 3:16 a.m. | 81 views

CVE-2022-20740

Cisco Firepower Management Center (FMC) is affected by a cross-site scripting vulnerability in its web-based management interface due to improper validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted link to inject malicious input, potential...

6.1 CVSS | 6.2 AI score | 0.007 EPSS

added 2019/11/05 7:35 p.m. | 80 views

CVE-2019-1982

Cisco Firepower family components (FTD, FWS for ASA, and FMC) are affected by CVE-2019-1982, a vulnerability in the HTTP traffic filtering module where improper handling of HTTP requests with malicious headers (including HTTPS) can let an unauthenticated remote attacker bypass filtering protectio...

5.8 CVSS | 5.3 AI score | 0.00975 EPSS

added 2016/10/06 10:0 a.m. | 79 views

CVE-2016-6433

CVE-2016-6433 — Cisco Firepower Management Center (Threat Management Console): The vulnerability affects Cisco Firepower Management Center 5.2.0–6.0.1, allowing remote authenticated users to execute arbitrary commands via crafted web-application parameters. Exploitation has been demonstrated in ...

9 CVSS | 8.6 AI score | 0.7575 EPSS
Web

added 2020/09/23 12:26 a.m. | 79 views

CVE-2019-16028

Cisco Firepower Management Center (FMC) web-based management interface is affected by CVE-2019-16028. The issue stems from improper handling of LDAP authentication responses from an external server, allowing an unauthenticated, remote attacker to bypass authentication and gain administrative acce...

10 CVSS | 10 AI score | 0.0335 EPSS

added 2019/01/23 11:0 p.m. | 79 views

CVE-2019-1642

CVE-2019-1642 affects Cisco Firepower Management Center (FMC). The issue is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link, ena...

6.1 CVSS | 5.9 AI score | 0.03905 EPSS
Web

added 2022/11/10 5:38 p.m. | 77 views

CVE-2022-20831

CVE-2022-20831 involves multiple stored XSS flaws in Cisco Firepower Management Center (FMC) web UI caused by insufficient validation of user input. An authenticated, remote attacker could craft input in FMC interface fields to execute script code in the user’s browser or access browser-based inf...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2022/11/10 5:38 p.m. | 77 views

CVE-2022-20833

CVE-2022-20833 concerns multiple stored XSS flaws in the web-based management interface of Cisco Firepower Management Center (FMC). The root cause is inadequate validation of user-supplied input in the FMC web UI, enabling an authenticated, remote attacker to inject script code via various data f...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2022/11/10 5:36 p.m. | 77 views

CVE-2022-20925

Summary (CVE-2022-20925): The Cisco Firepower Management Center (FMC) web management interface is affected by an API input validation vulnerability. An authenticated attacker with Device-permission credentials could exploit crafted input to API endpoints to execute arbitrary OS commands with low...

7.2 CVSS | 7.3 AI score | 0.00824 EPSS

added 2022/11/10 5:42 p.m. | 77 views

CVE-2022-20935

CVE-2022-20935 affects Cisco Firepower Management Center (FMC) web-based management interface. The issue is a stored cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input in various FMC data fields. An authenticated, remote attacker could inject crafted...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2022/11/10 5:40 p.m. | 75 views

CVE-2022-20836

CVE-2022-20836 corresponds to multiple stored XSS vulnerabilities in Cisco Firepower Management Center (FMC) web interface. Affected component: FMC’s web-based management UI; root cause: insufficient validation of user-supplied input, enabling an authenticated, remote attacker to inject arbitrary...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2022/11/10 5:31 p.m. | 75 views

CVE-2022-20854

The CVE-2022-20854 issue affects Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software, caused by improper error handling during SSH session establishment. An unauthenticated, remote attacker sending a high rate of crafted SSH connections can exhaust resources, leadi...

7.5 CVSS | 7.5 AI score | 0.00866 EPSS

added 2022/11/10 5:41 p.m. | 74 views

CVE-2022-20932

CVE-2022-20932 involves multiple stored XSS vulnerabilities in the Cisco Firepower Management Center (FMC) web-based management interface. The issues arise from insufficient validation of user-supplied input in data fields, allowing an authenticated, remote attacker to inject script code that run...

4.8 CVSS | 5 AI score | 0.00473 EPSS

added 2022/11/10 5:42 p.m. | 74 views

CVE-2022-20936

Cisco Firepower Management Center (FMC) web UI is affected by multiple CVE-2022-20936 XSS vulnerabilities due to insufficient input validation in the web-based management interface. An authenticated, remote attacker could inject crafted input to trigger stored XSS in FMC and potentially access se...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2017/10/05 7:0 a.m. | 73 views

CVE-2017-12245

CVE-2017-12245 describes a memory-consumption DoS vulnerability in Cisco Firepower Threat Defense (FTD) Software’s SSL traffic decryption. Root cause: an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and communicates with the ASA handler, enabling an unauthentic...

8.6 CVSS | 8.4 AI score | 0.01589 EPSS

added 2018/07/16 5:0 p.m. | 73 views

CVE-2018-0385

CVE-2018-0385 affects Cisco Firepower System Software: the detection engine’s SSL packet parsing can be mishandled, allowing an unauthenticated remote attacker to cause a DoS via Snort process restart. The issue stems from improper input handling of SSL traffic, with exploitation by sending craft...

7.5 CVSS | 7.6 AI score | 0.02333 EPSS

added 2022/11/10 5:39 p.m. | 73 views

CVE-2022-20834

CVE-2022-20834 affects Cisco Firepower Management Center (FMC) web-based management interface. The issue is due to insufficient validation of user-supplied input in the FMC UI, enabling an authenticated, remote attacker to perform a stored XSS attack. Impact ranges from arbitrary script execution...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2022/11/10 5:40 p.m. | 73 views

CVE-2022-20838

Cisco Firepower Management Center (FMC) web UI contains stored XSS vulnerabilities due to insufficient input validation. An authenticated, remote attacker could inject crafted input into UI fields to execute arbitrary script in the FMC interface context or access browser-based information, with p...

4.8 CVSS | 5 AI score | 0.00446 EPSS

added 2022/11/10 5:41 p.m. | 73 views

CVE-2022-20843

CVE-2022-20843 pertains to multiple stored XSS flaws in the Cisco Firepower Management Center (FMC) web-based management interface. The issues arise from insufficient validation of user-supplied input in the FMC UI, allowing an authenticated, remote attacker to inject crafted input that executes ...

4.8 CVSS | 5 AI score | 0.00446 EPSS

Total number of security vulnerabilities: 182