CVE-2018-0278

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software (affected versions not specified)

Description: A vulnerability in the management console could allow an unauthenticated, remote attacker to access sensitive data about the system. This issue is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this by convincing a user to visit a malicious website that sends requests to the affected application while the user is logged in with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information and perform another attack against the management console.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.