Vulnerabilities > Cisco > Firepower Management Center > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-02 | CVE-2018-0281 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. | 5.8 |
| 2018-05-02 | CVE-2018-0278 | Incorrect Authorization vulnerability in Cisco Firepower Management Center A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. | 6.5 |
| 2017-11-16 | CVE-2017-12300 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. | 5.8 |
| 2017-09-07 | CVE-2017-12221 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 5.4 |
| 2017-09-07 | CVE-2017-12220 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-07-04 | CVE-2017-6717 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 5.4 |
| 2017-07-04 | CVE-2017-6716 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 5.4 |
| 2017-07-04 | CVE-2017-6715 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 5.4 |
| 2017-06-13 | CVE-2017-6673 | Information Exposure vulnerability in Cisco Firepower Management Center 6.1.0.2/6.2.0 A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. | 6.5 |
| 2017-04-07 | CVE-2017-3885 | Resource Exhaustion vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. | 5.9 |