Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2019-05-03 |
| Product | Firepower Management Center | Last view | 2024-05-22 |
| Version | 6.2.3.10 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:cisco:firepower_management_center | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2024-05-22 | CVE-2024-20360 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials. |
| 8.8 | 2023-11-01 | CVE-2023-20220 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. |
| 8.8 | 2023-11-01 | CVE-2023-20219 | Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. |
| 6.1 | 2023-11-01 | CVE-2023-20206 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |
| 6.5 | 2023-11-01 | CVE-2023-20155 | A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered. |
| 6.5 | 2023-11-01 | CVE-2023-20114 | A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system. |
| 6.1 | 2023-11-01 | CVE-2023-20074 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |
| 8.2 | 2023-11-01 | CVE-2023-20063 | A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device. |
| 9.9 | 2023-11-01 | CVE-2023-20048 | A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. |
| 6.1 | 2023-11-01 | CVE-2023-20005 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |
| 5.3 | 2022-11-15 | CVE-2022-20941 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. |
| 4.3 | 2022-11-15 | CVE-2022-20938 | A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed. |
| 4.8 | 2022-11-15 | CVE-2022-20936 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20935 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20932 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 7.5 | 2022-11-15 | CVE-2022-20918 | A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed. |
| 4.8 | 2022-11-15 | CVE-2022-20905 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20872 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 7.5 | 2022-11-15 | CVE-2022-20854 | A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20843 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20840 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20839 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20838 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20836 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
| 4.8 | 2022-11-15 | CVE-2022-20835 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 56% (31) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 3% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 3% (2) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 3% (2) | CWE-287 | Improper Authentication |
| 3% (2) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
| 3% (2) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 3% (2) | CWE-20 | Improper Input Validation |
| 1% (1) | CWE-787 | Out-of-bounds Write |
| 1% (1) | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
| 1% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
| 1% (1) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 1% (1) | CWE-522 | Insufficiently Protected Credentials |
| 1% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 1% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (1) | CWE-331 | Insufficient Entropy |
| 1% (1) | CWE-326 | Inadequate Encryption Strength |
| 1% (1) | CWE-295 | Certificate Issues |
| 1% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 1% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | Cisco Firepower Management Center LDAP authentication bypass attempt RuleID : 52632 - Type : SERVER-WEBAPP - Revision : 3 |
| 2020-12-05 | Cisco Firepower Management Center LDAP authentication bypass attempt RuleID : 52631 - Type : SERVER-WEBAPP - Revision : 2 |
| 2020-12-05 | Cisco Firepower Management Center LDAP authentication bypass attempt RuleID : 52630 - Type : SERVER-WEBAPP - Revision : 2 |
| 2020-12-05 | Cisco Firepower Management Center LDAP authentication bypass attempt RuleID : 52629 - Type : SERVER-WEBAPP - Revision : 3 |
| 2020-12-05 | Cisco Firepower Management Center LDAP authentication bypass attempt RuleID : 52628 - Type : SERVER-WEBAPP - Revision : 2 |
| 2020-12-05 | Cisco Firepower Management Center LDAP authentication bypass attempt RuleID : 52627 - Type : SERVER-WEBAPP - Revision : 2 |
| 2020-12-05 | Cisco Firepower Management Center command injection attempt RuleID : 51719 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-05 | Cisco Firepower Management Center command injection attempt RuleID : 51718 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-05 | Cisco Firepower Management Center command injection attempt RuleID : 51717 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-05 | Cisco Firepower Management Center command injection attempt RuleID : 51716 - Type : SERVER-WEBAPP - Revision : 1 |
| 2014-01-10 | SSH brute force login attempt RuleID : 19559 - Type : INDICATOR-SCAN - Revision : 13 |
