Vulnerabilities > Cisco > Firepower Management Center > 7.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-01 CVE-2023-20048 Incorrect Authorization vulnerability in Cisco Firepower Management Center
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software.
network
low complexity
cisco CWE-863
critical
9.9
2023-11-01 CVE-2023-20063 Improper Input Validation vulnerability in Cisco products
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device.
local
low complexity
cisco CWE-20
8.2
2023-11-01 CVE-2023-20219 Command Injection vulnerability in Cisco Firepower Management Center
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
8.8
2023-11-01 CVE-2023-20220 Command Injection vulnerability in Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
8.8
2023-11-01 CVE-2023-20005 Cross-site Scripting vulnerability in Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2023-11-01 CVE-2023-20074 Cross-site Scripting vulnerability in Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2023-11-01 CVE-2023-20114 Improper Input Validation vulnerability in Cisco Firepower Management Center
A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system.
network
low complexity
cisco CWE-20
6.5
2023-11-01 CVE-2023-20155 Resource Exhaustion vulnerability in Cisco Firepower Management Center
A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload.
network
low complexity
cisco CWE-400
6.5
2023-11-01 CVE-2023-20206 Cross-site Scripting vulnerability in Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2022-11-15 CVE-2022-20831 Cross-site Scripting vulnerability in Cisco Firepower Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface.
network
low complexity
cisco CWE-79
4.8