Print Page - Cisco Security Advisory - Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Title: Cisco Security Advisory - Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Post by: Netwörkheäd on May 01, 2021, 06:15:49 PM

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA

Security Impact Rating: Medium

CVE: CVE-2021-1455,CVE-2021-1456,CVE-2021-1457,CVE-2021-1458
Source: Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Management%20Center%20Software%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1)

Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: Netwörkheäd on May 01, 2021, 06:15:49 PM