Vulnerabilities > Cisco > Firepower Extensible Operating System > 1.1.1.160
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-07 | CVE-2019-1597 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System and Nx-Os Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.5 |
| 2016-01-22 | CVE-2015-6435 | OS Command Injection vulnerability in Cisco products An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | 10.0 |
| 2015-11-24 | CVE-2015-6380 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | 6.5 |
| 2015-11-19 | CVE-2015-6374 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. | 4.3 |
| 2015-11-19 | CVE-2015-6371 | Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. | 4.0 |
| 2015-11-19 | CVE-2015-6370 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. | 7.2 |
| 2015-11-19 | CVE-2015-6369 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. | 4.9 |
| 2015-11-19 | CVE-2015-6368 | Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. | 5.0 |
| 2015-11-18 | CVE-2015-6373 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. | 6.8 |
| 2015-11-18 | CVE-2015-6372 | Cross-site Scripting vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614. | 4.3 |