Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Firepower Management Center Virtual Appliance Firmware
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34749 1 Cisco 3 Firepower Management Center, Firepower Management Center Virtual Appliance Firmware, Ironport Web Security Appliance 2024-11-21 5.0 MEDIUM 5.8 MEDIUM
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.
CVE-2019-15269 1 Cisco 68 Amp 7150, Amp 7150 Firmware, Amp 8150 and 65 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVE-2019-15268 1 Cisco 68 Amp 7150, Amp 7150 Firmware, Amp 8150 and 65 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.