Vulnerabilities > Cisco > Secure Firewall Management Center > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-16 CVE-2018-0383 Protection Mechanism Failure vulnerability in Cisco Secure Firewall Management Center 6.2.2.1/6.2.3/6.3.0
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP.
network
low complexity
cisco CWE-693
8.6
2018-07-16 CVE-2018-0370 Unspecified vulnerability in Cisco Secure Firewall Management Center 6.1.0.7/6.2.0.5/6.2.2.2
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing.
network
low complexity
cisco
7.5
2018-06-21 CVE-2018-0365 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2018-04-19 CVE-2018-0233 Resource Exhaustion vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
8.6
2017-10-05 CVE-2017-12245 Missing Release of Resource after Effective Lifetime vulnerability in Cisco Secure Firewall Management Center
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability.
network
low complexity
cisco CWE-772
8.6
2017-10-05 CVE-2017-12244 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly.
network
low complexity
cisco CWE-20
8.6
2017-04-20 CVE-2016-6368 Resource Management Errors vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.
network
low complexity
cisco CWE-399
8.6
2016-12-14 CVE-2016-9193 Improper Input Validation vulnerability in Cisco products
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
network
low complexity
cisco CWE-20
7.5
2016-10-27 CVE-2016-6439 Resource Management Errors vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.
network
low complexity
cisco CWE-399
7.5
2016-10-06 CVE-2016-6434 Improper Authentication vulnerability in Cisco Secure Firewall Management Center 6.0.1
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
local
low complexity
cisco CWE-287
7.8