Vulnerabilities > Cisco > Firepower Threat Defense > 6.2.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-12674 | Improper Encoding or Escaping of Output vulnerability in Cisco products Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. | 8.2 |
| 2019-10-02 | CVE-2019-12673 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2019-08-21 | CVE-2019-12627 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. | 7.5 |
| 2019-08-08 | CVE-2019-1970 | Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. | 7.5 |
| 2019-05-03 | CVE-2019-1715 | Insufficient Entropy in PRNG vulnerability in Cisco products A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. | 7.5 |
| 2019-05-03 | CVE-2019-1714 | Unspecified vulnerability in Cisco products A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. | 8.6 |
| 2019-05-03 | CVE-2019-1708 | Memory Leak vulnerability in Cisco products A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. | 8.6 |
| 2019-05-03 | CVE-2019-1704 | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2019-05-03 | CVE-2019-1703 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Firepower Threat Defense A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. | 8.6 |
| 2019-05-03 | CVE-2019-1701 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. | 4.8 |