Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-3565 | Improper Authentication vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. | 5.8 |
| 2020-10-21 | CVE-2020-3564 | Interpretation Conflict vulnerability in Cisco Firepower Threat Defense A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. | 5.3 |
| 2020-10-21 | CVE-2020-3561 | Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. | 4.7 |
| 2020-10-21 | CVE-2020-3558 | Open Redirect vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
| 2020-10-21 | CVE-2020-3557 | Improper Certificate Validation vulnerability in Cisco Secure Firewall Management Center A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.3 |
| 2020-10-21 | CVE-2020-3553 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2020-10-21 | CVE-2020-3515 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2020-10-21 | CVE-2020-3514 | Unspecified vulnerability in Cisco products A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. | 6.7 |
| 2020-10-21 | CVE-2020-3458 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. | 6.7 |
| 2020-10-21 | CVE-2020-3457 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |