Vulnerabilities > Cisco > Secure Firewall Management Center > High

DATE CVE VULNERABILITY TITLE RISK
2016-10-06 CVE-2016-6433 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
network
low complexity
cisco CWE-20
8.8
2016-10-05 CVE-2016-6419 SQL Injection vulnerability in Cisco Secure Firewall Management Center
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.
network
high complexity
cisco CWE-89
7.5
2016-08-18 CVE-2016-1458 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Firewall Management Center
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.
network
low complexity
cisco CWE-264
8.8
2016-08-18 CVE-2016-1457 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Firewall Management Center
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.
network
low complexity
cisco CWE-264
8.8