Vulnerabilities > Cisco > Firesight System Software > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-10 | CVE-2017-6735 | Improper Input Validation vulnerability in Cisco Firesight System Software 6.2.0/6.2.1 A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. | 6.7 |
| 2016-12-14 | CVE-2016-6471 | Information Exposure vulnerability in Cisco Firesight System Software 5.4.1.6 A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. | 6.5 |
| 2016-10-05 | CVE-2016-6420 | Information Exposure vulnerability in Cisco Firesight System Software Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | 6.5 |
| 2016-09-12 | CVE-2016-6396 | Improper Input Validation vulnerability in Cisco Firesight System Software Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482. | 5.3 |
| 2016-09-12 | CVE-2016-6395 | Cross-site Scripting vulnerability in Cisco Firesight System Software Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. | 5.4 |
| 2016-03-03 | CVE-2016-1355 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.1.0 Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687. | 6.1 |
| 2016-01-16 | CVE-2016-1294 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.1 Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094. | 6.1 |
| 2016-01-16 | CVE-2016-1293 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0/6.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414. | 6.1 |