What is the severity of cisco-sa-fmc-xss-SfpEcvGT?

The cisco-sa-fmc-xss-SfpEcvGT vulnerability is classified as high severity due to its potential for exploitation through cross-site scripting attacks.

How do I fix cisco-sa-fmc-xss-SfpEcvGT?

To mitigate the cisco-sa-fmc-xss-SfpEcvGT vulnerability, upgrade Cisco FMC Software to version 7.0.2 or later.

Which versions are affected by cisco-sa-fmc-xss-SfpEcvGT?

The cisco-sa-fmc-xss-SfpEcvGT vulnerability affects Cisco FMC Software versions 6.2.2 and earlier, 6.2.3, 6.3, 6.4, 6.5, 6.6, 6.7, and up to exclusive 7.0.2.

Can cisco-sa-fmc-xss-SfpEcvGT be exploited remotely?

Yes, the cisco-sa-fmc-xss-SfpEcvGT vulnerability can be exploited remotely by an unauthenticated attacker.

What kind of attack can be conducted using cisco-sa-fmc-xss-SfpEcvGT?

The cisco-sa-fmc-xss-SfpEcvGT vulnerability allows attackers to conduct cross-site scripting (XSS) attacks due to improper validation of user-supplied input.

Vulnerability/
cisco-sa-fmc-xss-SfpEcvGT

medium

6.1

CWE

80 79

27/4/2022

cisco-sa-fmc-xss-SfpEcvGT: Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability

First published: Wed Apr 27 2022(Updated: )

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-SfpEcvGT This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.

Credit: Maxim Suslov.

Affected Software	Affected Version	How to fix
Cisco FMC Software	>=6.2.2 and earlier=6.2.3=6.3=6.4=6.5=6.6=6.7<=7.0<7.0.2 (May 2022)	7.0.2 (May 2022)

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-SfpEcvGT (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2022-20740

Frequently Asked Questions

What is the severity of cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability is classified as high severity due to its potential for exploitation through cross-site scripting attacks.
How do I fix cisco-sa-fmc-xss-SfpEcvGT?
To mitigate the cisco-sa-fmc-xss-SfpEcvGT vulnerability, upgrade Cisco FMC Software to version 7.0.2 or later.
Which versions are affected by cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability affects Cisco FMC Software versions 6.2.2 and earlier, 6.2.3, 6.3, 6.4, 6.5, 6.6, 6.7, and up to exclusive 7.0.2.
Can cisco-sa-fmc-xss-SfpEcvGT be exploited remotely?
Yes, the cisco-sa-fmc-xss-SfpEcvGT vulnerability can be exploited remotely by an unauthenticated attacker.
What kind of attack can be conducted using cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability allows attackers to conduct cross-site scripting (XSS) attacks due to improper validation of user-supplied input.

agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/cisco-advisory
source/Cisco
agent/software-canonical-lookup
agent/weakness
agent/references
agent/title
agent/author
agent/severity
agent/tags
agent/description
agent/event
agent/source
vendor/cisco
canonical/cisco fmc software
version/cisco fmc software/6.2.2 and earlier
version/cisco fmc software/6.2.3
version/cisco fmc software/6.3
version/cisco fmc software/6.4
version/cisco fmc software/6.5
version/cisco fmc software/6.6
version/cisco fmc software/6.7
version/cisco fmc software/7.0

Frequently Asked Questions

What is the severity of cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability is classified as high severity due to its potential for exploitation through cross-site scripting attacks.
How do I fix cisco-sa-fmc-xss-SfpEcvGT?
To mitigate the cisco-sa-fmc-xss-SfpEcvGT vulnerability, upgrade Cisco FMC Software to version 7.0.2 or later.
Which versions are affected by cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability affects Cisco FMC Software versions 6.2.2 and earlier, 6.2.3, 6.3, 6.4, 6.5, 6.6, 6.7, and up to exclusive 7.0.2.
Can cisco-sa-fmc-xss-SfpEcvGT be exploited remotely?
Yes, the cisco-sa-fmc-xss-SfpEcvGT vulnerability can be exploited remotely by an unauthenticated attacker.
What kind of attack can be conducted using cisco-sa-fmc-xss-SfpEcvGT?
The cisco-sa-fmc-xss-SfpEcvGT vulnerability allows attackers to conduct cross-site scripting (XSS) attacks due to improper validation of user-supplied input.

cisco-sa-fmc-xss-SfpEcvGT: Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

Frequently Asked Questions

What is the severity of cisco-sa-fmc-xss-SfpEcvGT?

How do I fix cisco-sa-fmc-xss-SfpEcvGT?

Which versions are affected by cisco-sa-fmc-xss-SfpEcvGT?

Can cisco-sa-fmc-xss-SfpEcvGT be exploited remotely?

What kind of attack can be conducted using cisco-sa-fmc-xss-SfpEcvGT?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of cisco-sa-fmc-xss-SfpEcvGT?

How do I fix cisco-sa-fmc-xss-SfpEcvGT?

Which versions are affected by cisco-sa-fmc-xss-SfpEcvGT?

Can cisco-sa-fmc-xss-SfpEcvGT be exploited remotely?

What kind of attack can be conducted using cisco-sa-fmc-xss-SfpEcvGT?