Vulnerabilities > Cisco > Firepower Threat Defense > 6.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-06 | CVE-2020-3188 | Insufficient Session Expiration vulnerability in Cisco products A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. | 5.3 |
| 2020-05-06 | CVE-2020-3187 | Path Traversal vulnerability in Cisco products A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. | 9.1 |
| 2020-05-06 | CVE-2020-3186 | Unspecified vulnerability in Cisco products A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. | 5.3 |
| 2020-05-06 | CVE-2020-3179 | Double Free vulnerability in Cisco products A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2020-02-26 | CVE-2020-3167 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). | 7.8 |
| 2020-02-26 | CVE-2020-3166 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). | 6.7 |
| 2019-10-02 | CVE-2019-12698 | Unspecified vulnerability in Cisco Adaptive Security Appliance A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. | 7.5 |
| 2019-10-02 | CVE-2019-12695 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2019-10-02 | CVE-2019-12694 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. | 6.7 |
| 2019-10-02 | CVE-2019-12678 | Integer Underflow (Wrap or Wraparound) vulnerability in Cisco products A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |