Vulnerabilities > Cisco > Firepower Threat Defense > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-3583 | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
| 2020-10-21 | CVE-2020-3582 | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
| 2020-10-21 | CVE-2020-3581 | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
| 2020-10-21 | CVE-2020-3580 | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
| 2020-10-21 | CVE-2020-3578 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. | 6.5 |
| 2020-10-21 | CVE-2020-3577 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.1 |
| 2020-10-21 | CVE-2020-3565 | Improper Authentication vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. | 5.8 |
| 2020-10-21 | CVE-2020-3564 | Interpretation Conflict vulnerability in Cisco Firepower Threat Defense A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. | 5.3 |
| 2020-10-21 | CVE-2020-3561 | Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. | 4.7 |
| 2020-10-21 | CVE-2020-3550 | Path Traversal vulnerability in Cisco Firepower Management Center A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. | 5.5 |