Vulnerabilities > Cisco > Firepower Threat Defense > 6.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-01 | CVE-2023-20071 | Unspecified vulnerability in Cisco products Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. | 5.8 |
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-03-23 | CVE-2023-20107 | Insufficient Entropy vulnerability in Cisco Adaptive Security Appliance A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. | 7.5 |
| 2022-05-03 | CVE-2022-20715 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2022-05-03 | CVE-2022-20729 | XML Injection (aka Blind XPath Injection) vulnerability in Cisco Firepower Threat Defense A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. | 7.8 |
| 2022-05-03 | CVE-2022-20730 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. | 7.5 |
| 2022-05-03 | CVE-2022-20742 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. | 7.4 |
| 2022-05-03 | CVE-2022-20745 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2022-05-03 | CVE-2022-20746 | NULL Pointer Dereference vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. | 7.5 |
| 2022-05-03 | CVE-2022-20751 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Firepower Threat Defense A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. | 7.5 |