TL;DR 📌

Multiple vulnerabilities have been identified in the Cisco Secure Firewall Management Center (FMC) Software that could allow authenticated, low-privileged remote attackers to access unauthorized files. The highest CVSS score for these vulnerabilities is 6.5, indicating a medium level of risk. Software updates are available to address these issues, but there are no workarounds.

What happened 🕵️‍♂️

Cisco has disclosed multiple vulnerabilities in the web-based management interface of the Cisco Secure Firewall Management Center (FMC) Software. These vulnerabilities could allow an authenticated, low-privileged remote attacker to access files they are not authorized to view, including troubleshoot files and generated reports from different domains managed on the same FMC instance. The vulnerabilities stem from missing authorization checks.

TL;DR 📌

A command injection vulnerability has been identified in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. This flaw allows authenticated attackers with Administrator-level privileges to execute arbitrary commands on the underlying operating system. The highest CVSS score for this vulnerability is 4.9, classified as Medium severity. No workarounds are available, and software updates have been released to address the issue.

TL;DR 📌

A medium-severity XPATH injection vulnerability has been identified in the Cisco Secure Firewall Management Center (FMC) Software, allowing authenticated attackers to retrieve sensitive information. There are no workarounds available, and users are advised to apply the necessary software updates.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software has been discovered. This vulnerability arises from insufficient input validation, enabling an authenticated remote attacker to send crafted requests to the management interface. Successful exploitation could lead to the retrieval of sensitive information from the affected device. Importantly, the attacker must possess valid administrative credentials to exploit this vulnerability.

TL;DR 📌

A medium severity cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. This flaw could allow unauthenticated remote attackers to execute arbitrary scripts in the context of the interface. There are no workarounds available, but Cisco has released software updates to address this issue.

What happened 🕵️‍♂️

Cisco has reported a vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. This vulnerability arises from insufficient validation of user-supplied input, allowing attackers to execute arbitrary script code or access sensitive browser-based information through crafted input.

TL;DR 📌

A denial of service (DoS) vulnerability has been identified in the Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software for the Firepower 2100 Series. This vulnerability allows unauthenticated remote attackers to cause a device reload by sending specially crafted IPv6 packets over an IPsec VPN connection. Cisco has released software updates to address this issue, but there are no workarounds available.