Vulnerabilities > Cisco > Secure Firewall Management Center > 4.10.3

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-12689 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.
network
low complexity
cisco CWE-20
8.8
8.8
2019-05-03 CVE-2019-1699 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-78
7.8
7.8
2016-10-05 CVE-2016-6419 SQL Injection vulnerability in Cisco Secure Firewall Management Center
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.
network
high complexity
cisco CWE-89
7.5
7.5
2016-08-23 CVE-2016-6365 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.
network
low complexity
cisco CWE-79
6.1
6.1
2016-08-18 CVE-2016-1458 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Firewall Management Center
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.
network
low complexity
cisco CWE-264
8.8
8.8
2016-06-18 CVE-2016-1431 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
network
low complexity
cisco CWE-79
6.1
6.1