Vulnerabilities > Cisco > Firepower Management Center
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-21 | CVE-2018-0365 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
2018-06-07 | CVE-2018-0333 | Protection Mechanism Failure vulnerability in Cisco Firepower Management Center 6.2.2 A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. | 5.0 |
2018-05-02 | CVE-2018-0283 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. | 5.0 |
2018-05-02 | CVE-2018-0281 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. | 5.0 |
2018-05-02 | CVE-2018-0278 | Incorrect Authorization vulnerability in Cisco Firepower Management Center A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. | 4.3 |
2018-04-19 | CVE-2018-0233 | Resource Exhaustion vulnerability in Cisco Firepower Management Center A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. | 7.8 |
2017-11-16 | CVE-2017-12300 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. | 5.0 |
2017-10-05 | CVE-2017-12245 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco Firepower Management Center A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. | 5.0 |
2017-10-05 | CVE-2017-12244 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. | 5.0 |
2017-09-07 | CVE-2017-12221 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 3.5 |