Sanmith Prakash

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software versions (affected versions not specified) Description: A vulnerability in the cluster backup feature could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This issue is due to insufficient validation of user data supplied through the web-based management interface. An attacker could exploit this by sending a crafted HTTP request to an affected device, allowing them to execute arbitrary operating system commands. The attacker would need valid credentials for a user account with at least the role of Network Administrator and would also need to persuade a legitimate user to initiate a cluster backup on the affected device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software (affected versions not specified) Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This issue is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software versions (affected versions not specified) Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This issue is due to improper validation of user-supplied data. An attacker could exploit this by submitting malicious content to an affected device, allowing them to alter the standard layout of device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. The attacker would need valid credentials for a user account with policy-editing permissions. Recommendations: To resolve the issue, update to a version of Cisco Secure Firewall Management Center (FMC) Software that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Restrict user accounts to only those necessary for operation and ensure that all users with policy-editing permissions are trusted. Avoid using the web-based management interface for generating documents that contain sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: The issue is related to insufficient input validation of SNMP packets, which could allow an authenticated, remote attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. This affects all versions of SNMP (versions 1, 2c, and 3) and requires a valid SNMP community string or valid SNMPv3 user credentials. An attacker could exploit this by sending a crafted SNMP request to an affected device using IPv4 or IPv6. Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, consider disabling the SNMP feature until a patch is available. For Cisco Firepower Threat Defense (FTD) Software, restrict access to the SNMP protocol to minimize the risk of exploitation. As a temporary workaround, avoid using the `SNMP community string` or `SNMPv3 user credentials` in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified) Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This issue is due to insufficient input validation of certain HTTP request parameters sent to the web-based management interface. An attacker could exploit this by authenticating to the interface and sending a crafted HTTP request to an affected device, potentially allowing them to execute commands as the root user. To exploit this, an attacker would need Administrator-level credentials. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified) Description: A flaw exists in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software that could allow a remote attacker with valid administrative credentials to retrieve sensitive information from an affected device. The issue is due to insufficient input validation, allowing exploitation by sending a crafted request to the web-based management interface. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** The issue is related to improper error checking when parsing fields within the ICMPv6 header, which could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent. This could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this issue. An attacker could exploit this by sending a crafted ICMPv6 packet through an affected device, causing the device to exhaust CPU resources and stop processing traffic. **Recommendations** To resolve the issue, restart the Snort 2 Detection Engine or the Cisco FTD device to recover from the DoS condition. As a temporary workaround, consider restricting access to the ICMPv6 inspection feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls (affected versions not specified) **Description** A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device, potentially depleting all 9,472 byte blocks on the device and resulting in traffic loss across the device or an unexpected reload of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software. These vulnerabilities could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient input validation in the file download feature of Cisco Firepower Management Center (FMC) Software. This could allow a remote attacker to download arbitrary files from an affected system by sending a crafted HTTPS request to the `/api` endpoint, specifically exploiting the lack of input sanitation. **Recommendations** As a temporary workaround, consider restricting access to the file download feature until a patch is available. Avoid using the file download feature in the affected Cisco Firepower Management Center (FMC) Software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. An attacker could exploit this by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** A vulnerability in the module import function of the administrative interface could allow an authenticated, remote attacker to view sensitive information. This issue is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this by supplying a specially crafted XML file to the function, potentially allowing them to read sensitive data that would normally not be revealed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the interface or access to sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. An attacker could exploit this by persuading a user of the interface to click a crafted link, potentially allowing the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the interface or access to sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** The issue is related to insufficient memory management for certain Snort events in the Snort detection engine integration, which could allow an unauthenticated, remote attacker to cause unlimited memory consumption. This could lead to a denial of service (DoS) condition on an affected device. An attacker could exploit this by sending a series of crafted IP packets that would generate specific Snort events. A sustained attack could cause an out of memory condition, interrupting all traffic flowing through the device, and potentially causing it to reload. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software. These vulnerabilities could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack, potentially leading to unauthorized access to protected information. An open redirect attack occurs when an application redirects a user to a URL without properly validating it, allowing an attacker to redirect the user to a malicious website. A cross-site scripting (XSS) attack is a type of attack where an attacker injects malicious code into a website, which is then executed by the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software. These vulnerabilities could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. The vulnerability is associated with incorrect checking of input parameters in HTTP requests, which may allow a remote attacker to conduct cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** A vulnerability in the SSL/TLS message handler could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device, potentially causing the device to reload and resulting in a DoS condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** A vulnerability in the software-based SSL/TLS message handler could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This issue is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note that Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.