Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firepower_management_center_virtual_appliance | Cisco | 6.1.0 (including) | 6.1.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.2.0 (including) | 6.2.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.2.3 (including) | 6.2.3 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.3.0 (including) | 6.3.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.4.0 (including) | 6.4.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.5.0 (including) | 6.5.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.6.0 (including) | 6.6.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.6.1 (including) | 6.6.1 (including) |
Firepower_management_center_virtual_appliance | Cisco | 6.7.0 (including) | 6.7.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 7.0.0 (including) | 7.0.0 (including) |
Firepower_management_center_virtual_appliance | Cisco | 7.1.0 (including) | 7.1.0 (including) |
Firepower_threat_defense | Cisco | * | 6.4.0.13 (excluding) |
Firepower_threat_defense | Cisco | 6.5.0 (including) | 6.6.5 (excluding) |
Firepower_threat_defense | Cisco | 6.7.0 (including) | 6.7.0.3 (excluding) |
Sourcefire_defense_center | Cisco | 6.1.0 (including) | 6.1.0 (including) |
Sourcefire_defense_center | Cisco | 6.2.0 (including) | 6.2.0 (including) |
Sourcefire_defense_center | Cisco | 6.2.3 (including) | 6.2.3 (including) |
Sourcefire_defense_center | Cisco | 6.3.0 (including) | 6.3.0 (including) |
Sourcefire_defense_center | Cisco | 6.4.0 (including) | 6.4.0 (including) |
Sourcefire_defense_center | Cisco | 6.5.0 (including) | 6.5.0 (including) |
Sourcefire_defense_center | Cisco | 6.6.0 (including) | 6.6.0 (including) |
Sourcefire_defense_center | Cisco | 6.6.1 (including) | 6.6.1 (including) |
Sourcefire_defense_center | Cisco | 6.7.0 (including) | 6.7.0 (including) |
Sourcefire_defense_center | Cisco | 7.0.0 (including) | 7.0.0 (including) |
Sourcefire_defense_center | Cisco | 7.1.0 (including) | 7.1.0 (including) |