First published: Wed Apr 27 2022
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-qXz4uAkM

This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Credit: These vulnerabilities were found by Rakesh Banerjee of Cisco and Sanmith Prakash of Cisco during internal security testing.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco FMC Software | >=6.5.0, =6.6.0, =6.7.0, <=7.0.0, <7.0.2 (May 2022) | 7.0.2 (May 2022) |
Cisco FMC Software | >=6.2.2 and earlier, =6.2.3, =6.3.0, <=6.4.0, <6.4.0.15 (May 2022) | 6.4.0.15 (May 2022) |