Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Secure_firewall_management_center
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 170 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-08-14 | CVE-2025-20265 | A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server.... | Secure_firewall_management_center | N/A | ||
| 2024-05-22 | CVE-2024-20361 | A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is... | Secure_firewall_management_center | N/A | ||
| 2024-11-15 | CVE-2021-34751 | A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This vulnerability exists because of improper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the GUI of... | Secure_firewall_management_center | 4.3 | ||
| 2021-10-27 | CVE-2021-40116 | Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the... | Firepower_threat_defense, Secure_firewall_management_center, Snort | 7.5 | ||
| 2018-06-21 | CVE-2018-0365 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful... | Amp_7150_firmware, Amp_8150_firmware, Firepower_appliance_7010_firmware, Firepower_appliance_7020_firmware, Firepower_appliance_7030_firmware, Firepower_appliance_7050_firmware, Firepower_appliance_7110_firmware, Firepower_appliance_7115_firmware, Firepower_appliance_7120_firmware, Firepower_appliance_7125_firmware, Firepower_appliance_8120_firmware, Firepower_appliance_8130_firmware, Firepower_appliance_8140_firmware, Firepower_appliance_8250_firmware, Firepower_appliance_8260_firmware, Firepower_appliance_8270_firmware, Firepower_appliance_8290_firmware, Firepower_appliance_8350_firmware, Firepower_appliance_8360_firmware, Firepower_appliance_8370_firmware, Firepower_appliance_8390_firmware, Firepower_management_center_1000_firmware, Firepower_management_center_2000_firmware, Firepower_management_center_2500_firmware, Firepower_management_center_4000_firmware, Firepower_management_center_4500_firmware, Firepower_management_center_virtual_appliance, Firesight_management_center_1500_firmware, Firesight_management_center_3500_firmware, Firesight_management_center_750_firmware, Ngips_virtual_appliance, Secure_firewall_management_center | 8.8 | ||
| 2016-05-28 | CVE-2016-1413 | The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | Secure_firewall_management_center | 6.5 | ||
| 2015-12-15 | CVE-2015-6411 | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | Secure_firewall_management_center | N/A | ||
| 2016-02-26 | CVE-2016-1342 | The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | Secure_firewall_management_center | 5.3 | ||
| 2016-06-18 | CVE-2016-1431 | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | Secure_firewall_management_center | 6.1 | ||
| 2016-08-18 | CVE-2016-1457 | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | Secure_firewall_management_center | 8.8 |