Vulnerabilities > Cisco > Firepower Threat Defense > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-3514 Unspecified vulnerability in Cisco products
A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace.
local
low complexity
cisco
6.7
2020-10-21 CVE-2020-3458 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism.
local
low complexity
cisco
6.7
2020-10-21 CVE-2020-3457 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
6.7
2020-10-21 CVE-2020-3352 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands.
local
low complexity
cisco
5.5
2020-10-21 CVE-2020-3299 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP.
network
low complexity
cisco snort
5.8
2020-05-06 CVE-2020-3315 Exposure of Resource to Wrong Sphere vulnerability in Cisco Firepower Threat Defense
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system.
network
low complexity
cisco CWE-668
5.3
2020-05-06 CVE-2020-3308 Improper Verification of Cryptographic Signature vulnerability in Cisco products
A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device.
network
low complexity
cisco CWE-347
4.9
2020-05-06 CVE-2020-3285 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) policy with URL category functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured TLS 1.3 policy to block traffic for a specific URL.
network
low complexity
cisco
5.8
2020-05-06 CVE-2020-3253 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled.
local
low complexity
cisco
6.7
2020-05-06 CVE-2020-3188 Insufficient Session Expiration vulnerability in Cisco products
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition.
network
low complexity
cisco CWE-613
5.3