Thuy Nguyen

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Management Center (FMC) Software (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. This could enable the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. In some cases, it may also cause a temporary availability impact to portions of the FMC Dashboard. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This issue is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface, potentially allowing them to bypass configured access control and intrusion policies. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** The issue is related to the implementation of the Ethernet Industrial Protocol (ENIP) in the Cisco Firepower Threat Defense (FTD) Software, which is associated with access control weaknesses. An unauthenticated, remote attacker could exploit this by sending specially crafted ENIP packets to bypass configured security rules. The vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets, allowing an attacker to bypass configured access control and intrusion policies. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.