Overview
- Description
- Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF3259C7-8F36-46B1-A1BA-C2F9AC165A2D",
"versionEndIncluding": "6.6.7.1",
"versionStartIncluding": "6.6.0"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79C97BD3-D82A-493B-BCBB-9909ED80D084",
"versionEndIncluding": "6.7.0.3",
"versionStartIncluding": "6.7.0"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BE29E8B-5D64-4CF6-B8CB-A38E991A9BB9",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "749D90E8-9009-4F05-8C5E-2521A9BC7D32",
"versionEndIncluding": "7.1.0.3",
"versionStartIncluding": "7.1.0"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84980453-D30F-40F2-801A-590B15C73D9A",
"versionEndIncluding": "7.2.4",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E355BD8E-18E7-4405-8F32-0A191DCE0774",
"versionEndIncluding": "7.3.1.1",
"versionStartIncluding": "7.3.0"
}
],
"operator": "OR"
}
]
}
]