8 matches found
CVE-2020-3320
CVE-2020-3320 affects Cisco Firepower Management Center (web-based management interface). Root cause: insufficient validation of user-supplied input in the FMC web UI, enabling a cross-site scripting (XSS) attack. Exploitation requires an authenticated user to input crafted data and then persuade...
CVE-2021-34781
CVE-2021-34781 affects Cisco Firepower Threat Defense (FTD) Software in multi-instance deployments, where improper error handling during SSH session establishment allows an unauthenticated, remote attacker to trigger resource exhaustion and a DoS condition. Exploitation involves sending...
CVE-2021-34755
Cisco Firepower Threat Defense (FTD) Software CLI contains multiple command injection vulnerabilities. An authenticated, local attacker could exploit insufficient validation of user-supplied command arguments to execute arbitrary commands with root privileges on the underlying OS, including when ...
CVE-2021-34762
Cisco Firepower Management Center (FMC) Software is affected by CVE-2021-34762, a directory-traversal vulnerability in the web-based management interface caused by insufficient input validation of HTTPS URLs. An authenticated, remote attacker with valid credentials can send crafted HTTPS requests...
CVE-2021-34764
CVE-2021-34764 affects the Cisco Firepower Management Center (FMC) web-based management interface, with multiple vulnerabilities enabling cross-site scripting (XSS) and open redirect attacks. The root cause is improper input validation of HTTP request parameters in the FMC web interface. Cisco’s advi...
CVE-2021-34763
CVE-2021-34763 covers two issues in the Cisco Firepower Management Center (FMC) web UI: an authenticated attacker can lure a user to click a crafted link to execute arbitrary script code (XSS), and an unauthenticated attacker can exploit improper input validation to trigger an open redirect. The...
CVE-2021-34756
Cisco Firepower Threat Defense (FTD) Software contains CLI command injection vulnerabilities that allow an authenticated, local attacker to execute arbitrary commands with root privileges due to insufficient validation of user-provided command arguments. The affected component is the FTD CLI; impact ...
CVE-2021-34761
CVE-2021-34761 affects Cisco Firepower Threat Defense (FTD) Software. The issue stems from incomplete validation of user input for a specific CLI command, enabling an authenticated local attacker (with administrative credentials) to overwrite or append arbitrary data to system files with root-lev...