cisco-sa-fmc-xss-SfpEcvGT: Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
First published: Wed Apr 27 2022(Updated: )
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-SfpEcvGT This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Credit: Maxim Suslov.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Management Center Software | >=6.2.2 and earlier=6.2.3=6.3=6.4=6.5=6.6=6.7<=7.0<7.0.2 (May 2022) | 7.0.2 (May 2022) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability is classified as high severity due to its potential for exploitation through cross-site scripting attacks.
How do I fix cisco-sa-fmc-xss-SfpEcvGT?
To mitigate the cisco-sa-fmc-xss-SfpEcvGT vulnerability, upgrade Cisco FMC Software to version 7.0.2 or later.
Which versions are affected by cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability affects Cisco FMC Software versions 6.2.2 and earlier, 6.2.3, 6.3, 6.4, 6.5, 6.6, 6.7, and up to exclusive 7.0.2.
Can cisco-sa-fmc-xss-SfpEcvGT be exploited remotely?
Yes, the cisco-sa-fmc-xss-SfpEcvGT vulnerability can be exploited remotely by an unauthenticated attacker.
What kind of attack can be conducted using cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability allows attackers to conduct cross-site scripting (XSS) attacks due to improper validation of user-supplied input.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco firepower management center software
- version/cisco firepower management center software/6.2.2 and earlier
- version/cisco firepower management center software/6.2.3
- version/cisco firepower management center software/6.3
- version/cisco firepower management center software/6.4
- version/cisco firepower management center software/6.5
- version/cisco firepower management center software/6.6
- version/cisco firepower management center software/6.7
- version/cisco firepower management center software/7.0