Posts for: #6.2.3.10

Cisco Secure Firewall Management Center Software Command Injection Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 4.9 Security Advisory

TL;DR 📌

A command injection vulnerability has been identified in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. This flaw allows authenticated attackers with Administrator-level privileges to execute arbitrary commands on the underlying operating system. The highest CVSS score for this vulnerability is 4.9, classified as Medium severity. No workarounds are available, and software updates have been released to address the issue.

Cisco Secure Firewall Management Center Software XPATH Injection Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 4.9 Security Advisory

TL;DR 📌

A medium-severity XPATH injection vulnerability has been identified in the Cisco Secure Firewall Management Center (FMC) Software, allowing authenticated attackers to retrieve sensitive information. There are no workarounds available, and users are advised to apply the necessary software updates.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software has been discovered. This vulnerability arises from insufficient input validation, enabling an authenticated remote attacker to send crafted requests to the management interface. Successful exploitation could lead to the retrieval of sensitive information from the affected device. Importantly, the attacker must possess valid administrative credentials to exploit this vulnerability.

Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.1 Security Advisory

TL;DR 📌

A medium-severity cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. This flaw could allow unauthenticated remote attackers to execute arbitrary scripts in the context of the interface. There are no workarounds available, but Cisco has released software updates to address this issue.

What happened 🕵️‍♂️

Cisco has reported a vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. This vulnerability arises from insufficient validation of user-supplied input, allowing attackers to execute arbitrary script code or access sensitive browser-based information through crafted input.

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial of Service Vulnerability

🚨 SEVERITY: HIGH — CVSS 8.6 Security Advisory

TL;DR 📌

A denial of service (DoS) vulnerability has been identified in the Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Software for the Firepower 2100 Series. This vulnerability allows unauthenticated remote attackers to cause a device reload by sending specially crafted IPv6 packets over an IPsec VPN connection. Cisco has released software updates to address this issue, but there are no workarounds available.
