Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Secure Firewall Management Center HTML Injection Vulnerability
Vulnerability Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco Secure Firewall Management Center 安全漏洞
Vulnerability Description
Cisco Secure Firewall Management Center是美国思科(Cisco)公司的一个强大的网络安全管理工具。 Cisco Secure Firewall Management Center存在安全漏洞,该漏洞源于对用户提供的数据验证不当。攻击者利用该漏洞可以更改设备生成的文档的标准布局,从底层操作系统访问任意文件,并执行服务器端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A