cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-34751,https://securityvulnerability.io/vulnerability/CVE-2021-34751,Improper Encryption of Sensitive Information in FMC GUI Configuration Manager Could Lead to Information Disclosure,"A vulnerability affecting the web-based GUI configuration manager of Cisco Firepower Management Center Software enables an authenticated remote attacker to exploit weak encryption mechanisms. By possessing low privilege credentials on the impacted device, an attacker can access sensitive configuration information where parameters may be displayed in clear text. This flaw poses significant risks to information security, as it facilitates unauthorized visibility into crucial settings, potentially leading to further exploitation of the system. Cisco has released updates to mitigate this risk, and users are strongly encouraged to apply these patches immediately.",Cisco,Cisco Firepower Management Center,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-15T16:14:27.746Z,0
CVE-2021-34750,https://securityvulnerability.io/vulnerability/CVE-2021-34750,Cisco Firepower Management Center Software Vulnerability: Sensitive Configuration Information at Risk,"A vulnerability exists in the web-based GUI configuration manager of Cisco Firepower Management Center Software, which may permit an authenticated, remote attacker with low privilege credentials to access sensitive configuration details. This issue arises from inadequate encryption of sensitive data stored within the GUI. Exploiting this vulnerability involves logging into the Firepower Management Center GUI and accessing specific sensitive configurations, which could allow exposure of crucial configuration parameters in plain text. Cisco has addressed this issue through software updates, and no workarounds are available.",Cisco,Cisco Firepower Management Center,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-15T16:14:19.255Z,0
CVE-2024-20386,https://securityvulnerability.io/vulnerability/CVE-2024-20386,Cisco Firepower Management Center Software Vulnerability Could Lead to Stored XSS Attacks,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,6.1,MEDIUM,0.0004600000102072954,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20403,https://securityvulnerability.io/vulnerability/CVE-2024-20403,Cisco Firepower Management Center Software Vulnerable to XSS Attacks,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.00044999999227002263,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20388,https://securityvulnerability.io/vulnerability/CVE-2024-20388,Unauthenticated Password Reset Vulnerability in Cisco FMC,"A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.
 This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.",Cisco,"Cisco Firepower Management Center,Cisco Firepower Threat Defense Software",5.3,MEDIUM,0.0004600000102072954,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20482,https://securityvulnerability.io/vulnerability/CVE-2024-20482,Cisco Secure Firewall Management Center (FMC) Software Vulnerability - Elevated Privileges Possible,"A privilege escalation vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center Software, previously known as Firepower Management Center Software. An attacker with a valid account and a custom read-only role may exploit this flaw due to inadequate validation of role permissions. By executing a write operation in the compromised part of the management interface, the attacker could gain the ability to alter critical aspects of the device's configuration, posing a significant security risk. Mitigation strategies should be implemented to safeguard against potential exploits.",Cisco,Cisco Firepower Management Center,6.5,MEDIUM,0.0004600000102072954,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20409,https://securityvulnerability.io/vulnerability/CVE-2024-20409,Cisco Firepower Management Center Software Vulnerability: Arbitrary Script Code Execution via XSS,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,6.1,MEDIUM,0.0004600000102072954,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20410,https://securityvulnerability.io/vulnerability/CVE-2024-20410,Cisco Firepower Management Center Software vulnerable to XSS Attack,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,6.1,MEDIUM,0.0004600000102072954,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20424,https://securityvulnerability.io/vulnerability/CVE-2024-20424,Cisco Secure FMC Software Vulnerability Allows Root Access via Authenticated HTTP Requests,"A vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center Software, formerly known as Firepower Management Center Software. This flaw arises from insufficient input validation of specific HTTP requests, enabling an authenticated remote attacker to exploit the vulnerability. By sending a specially crafted HTTP request after gaining authentication, the attacker could execute arbitrary commands on the underlying operating system as root. This includes the potential to affect managed Cisco Firepower Threat Defense devices, creating a significant security risk for organizations relying on these systems. To successfully exploit this vulnerability, valid credentials for a user account with a minimum role of Security Analyst (Read Only) are required.",Cisco,Cisco Firepower Management Center,9.9,CRITICAL,0.0005200000014156103,false,true,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20374,https://securityvulnerability.io/vulnerability/CVE-2024-20374,Cisco Secure Firewall Management Center Software Vulnerability Allows Arbitrary Code Execution,"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.
 This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.",Cisco,Cisco Firepower Management Center,6.5,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20471,https://securityvulnerability.io/vulnerability/CVE-2024-20471,Cisco FMC Software Vulnerability to SQL Injection Attacks,"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
 This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.",Cisco,Cisco Firepower Management Center,6.5,MEDIUM,0.0005000000237487257,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20387,https://securityvulnerability.io/vulnerability/CVE-2024-20387,Cisco FMC Software Vulnerability Could Lead to Stored XSS Attacks,"A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.00044999999227002263,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20372,https://securityvulnerability.io/vulnerability/CVE-2024-20372,Cisco Firepower Management Center Software Vulnerability Could Lead to Stored XSS Attacks,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,6.1,MEDIUM,0.0004600000102072954,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20364,https://securityvulnerability.io/vulnerability/CVE-2024-20364,Cisco Firepower Management Center Software Vulnerable to Stored XSS Attack,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.00044999999227002263,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20377,https://securityvulnerability.io/vulnerability/CVE-2024-20377,Cisco Firepower Management Center Web-Based Management Interface Vulnerability Could Enable Stored Cross-Site Scripting (XSS) Attacks,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
 This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.00044999999227002263,false,false,false,true,,false,false,2024-10-23T18:15:00.000Z,0
CVE-2024-20300,https://securityvulnerability.io/vulnerability/CVE-2024-20300,Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.0005300000193528831,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20298,https://securityvulnerability.io/vulnerability/CVE-2024-20298,Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.0005300000193528831,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20340,https://securityvulnerability.io/vulnerability/CVE-2024-20340,Cisco Secure Firewall Management Center SQL Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.",Cisco,Cisco Firepower Management Center,6.5,MEDIUM,0.0005799999926239252,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20275,https://securityvulnerability.io/vulnerability/CVE-2024-20275,Cisco Secure Firewall Management Center Software Backup Cluster Command Injection Vulnerability,"A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.

This vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary operating system commands on the affected device. To exploit this vulnerability, an attacker would need valid credentials for a user account with at least the role of Network Administrator. In addition, the attacker would need to persuade a legitimate user to initiate a cluster backup on the affected device.",Cisco,Cisco Firepower Management Center,6.8,MEDIUM,0.0004600000102072954,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20264,https://securityvulnerability.io/vulnerability/CVE-2024-20264,Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.0005300000193528831,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20269,https://securityvulnerability.io/vulnerability/CVE-2024-20269,Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,5.4,MEDIUM,0.0005300000193528831,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20273,https://securityvulnerability.io/vulnerability/CVE-2024-20273,Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.",Cisco,Cisco Firepower Management Center,6.1,MEDIUM,0.0005200000014156103,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20274,https://securityvulnerability.io/vulnerability/CVE-2024-20274,Cisco Secure Firewall Management Center HTML Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.

This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities.",Cisco,Cisco Firepower Management Center,5.5,MEDIUM,0.00044999999227002263,false,false,false,true,,false,false,2024-10-23T17:15:00.000Z,0
CVE-2024-20361,https://securityvulnerability.io/vulnerability/CVE-2024-20361,Access Control Bypass in Cisco Firepower Management Center Software,"This vulnerability occurs in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software. It allows an unauthenticated, remote attacker to exploit a misconfiguration during the deployment of Object Groups for ACLs from Cisco FMC to managed Cisco Firepower Threat Defense (FTD) devices. In environments running high-availability, after the affected FTD device experiences a reboot following the deployment of Object Groups, an attacker can send crafted traffic. A successful exploit enables the attacker to bypass the configured access controls, potentially allowing unauthorized access to devices intended to be protected by the vulnerable FTD device.",Cisco,"Cisco Firepower Management Center,Cisco Firepower Threat Defense Software",5.8,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-05-22T17:16:00.000Z,0
CVE-2023-20048,https://securityvulnerability.io/vulnerability/CVE-2023-20048,Unauthorized Configuration Command Execution Vulnerability in Cisco Firepower Management Center Software,"A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software allows an authenticated remote attacker to execute unauthorized configuration commands on a Firepower Threat Defense (FTD) device. Caused by insufficient authorization, this issue enables attackers with valid credentials to send specially crafted HTTP requests to the FMC, potentially compromising the configuration of the managed FTD device. Properly securing the FMC interface and implementing strict access controls are essential to mitigate risks associated with this vulnerability.",Cisco,Cisco Firepower Management Center,9.9,CRITICAL,0.0012000000569969416,false,false,false,true,true,false,false,2023-11-01T18:15:00.000Z,0