Vulnerabilities > Cisco > Secure Firewall Management Center > 5.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-12689 | Improper Input Validation vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. | 8.8 |
| 2019-05-03 | CVE-2019-1699 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. | 7.8 |
| 2018-07-16 | CVE-2018-0385 | Improper Input Validation vulnerability in Cisco Secure Firewall Management Center A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 7.5 |
| 2018-04-19 | CVE-2018-0233 | Resource Exhaustion vulnerability in Cisco Secure Firewall Management Center A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. | 8.6 |
| 2017-07-04 | CVE-2017-6717 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 5.4 |
| 2017-07-04 | CVE-2017-6716 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 5.4 |
| 2017-07-04 | CVE-2017-6715 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 5.4 |
| 2017-02-03 | CVE-2017-3814 | Improper Input Validation vulnerability in Cisco Secure Firewall Management Center A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. | 5.8 |
| 2016-10-27 | CVE-2016-6439 | Resource Management Errors vulnerability in Cisco Secure Firewall Management Center A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 7.5 |
| 2016-10-06 | CVE-2016-6433 | Improper Input Validation vulnerability in Cisco Secure Firewall Management Center The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. | 8.8 |