Vulnerabilities > Cisco > Firepower Threat Defense

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-3549 Inadequate Encryption Strength vulnerability in Cisco Firepower Threat Defense
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash.
network
high complexity
cisco CWE-326
8.1
2020-10-21 CVE-2020-3533 Resource Exhaustion vulnerability in Cisco Firepower Threat Defense
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly.
network
low complexity
cisco CWE-400
7.5
2020-10-21 CVE-2020-3529 Resource Exhaustion vulnerability in Cisco products
A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2020-10-21 CVE-2020-3528 Resource Exhaustion vulnerability in Cisco Firepower Threat Defense
A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.5
2020-10-21 CVE-2020-3514 Unspecified vulnerability in Cisco products
A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace.
local
low complexity
cisco
6.7
2020-10-21 CVE-2020-3458 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism.
local
low complexity
cisco
6.7
2020-10-21 CVE-2020-3457 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
6.7
2020-10-21 CVE-2020-3436 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Firepower Threat Defense
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload.
network
low complexity
cisco CWE-434
8.6
2020-10-21 CVE-2020-3373 Memory Leak vulnerability in Cisco products
A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.
network
low complexity
cisco CWE-401
8.6
2020-10-21 CVE-2020-3352 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands.
local
low complexity
cisco
5.5