Vulnerabilities > Cisco > Secure Firewall Management Center > High

DATE CVE VULNERABILITY TITLE RISK
2024-05-22 CVE-2024-20360 SQL Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
8.8
2023-11-01 CVE-2023-20063 Improper Input Validation vulnerability in Cisco Firepower Threat Defense
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input.
local
low complexity
cisco CWE-20
8.2
2023-11-01 CVE-2023-20219 Command Injection vulnerability in Cisco Secure Firewall Management Center
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
8.8
2023-11-01 CVE-2023-20220 Command Injection vulnerability in Cisco Secure Firewall Management Center
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
8.8
2022-11-15 CVE-2022-20854 Improper Handling of Exceptional Conditions vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established.
network
low complexity
cisco CWE-755
7.5
2022-11-15 CVE-2022-20918 Improper Authentication vulnerability in Cisco products
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2).
network
low complexity
cisco CWE-287
7.5
2022-11-15 CVE-2022-20925 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints.
network
low complexity
cisco CWE-78
7.2
2022-11-15 CVE-2022-20926 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints.
network
low complexity
cisco CWE-78
8.8
2022-05-03 CVE-2022-20743 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system.
network
low complexity
cisco CWE-434
8.8
2021-10-27 CVE-2021-34754 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic.
network
low complexity
cisco
7.5