Vulnerabilities > Cisco > Firepower Management Center > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2016-6368 Resource Management Errors vulnerability in Cisco Firepower Management Center
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.
network
low complexity
cisco CWE-399
5.0
2017-02-03 CVE-2017-3814 Improper Input Validation vulnerability in Cisco Firepower Management Center
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass.
network
low complexity
cisco CWE-20
5.0
2017-02-03 CVE-2017-3809 Improper Input Validation vulnerability in Cisco Firepower Management Center 6.1.0/6.2.0
A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base.
network
low complexity
cisco CWE-20
5.0
2016-12-14 CVE-2016-9193 Improper Input Validation vulnerability in Cisco products
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
network
low complexity
cisco CWE-20
5.0
2016-10-27 CVE-2016-6439 Resource Management Errors vulnerability in Cisco Firepower Management Center
A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.
network
cisco CWE-399
4.3
2016-10-06 CVE-2016-6435 Information Exposure vulnerability in Cisco Firepower Management Center 6.0.1
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
network
low complexity
cisco CWE-200
4.0
2016-10-06 CVE-2016-6434 Improper Authentication vulnerability in Cisco Firepower Management Center 6.0.1
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
local
low complexity
cisco CWE-287
4.6
2016-10-05 CVE-2016-6419 SQL Injection vulnerability in Cisco Firepower Management Center
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.
network
cisco CWE-89
6.0
2016-08-23 CVE-2016-6365 Cross-site Scripting vulnerability in Cisco Firepower Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.
network
cisco CWE-79
4.3
2016-06-18 CVE-2016-1431 Cross-site Scripting vulnerability in Cisco Firepower Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
network
cisco CWE-79
4.3