The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html | Third Party Advisory VDB Entry |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc | Vendor Advisory |
http://www.securityfocus.com/bid/93414 | Third Party Advisory VDB Entry |
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking | Third Party Advisory |
https://www.exploit-db.com/exploits/40463/ | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/41041/ | Third Party Advisory VDB Entry |
https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Jan 2021, 17:39
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/93414 - Third Party Advisory, VDB Entry | |
References | (MISC) https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking - Third Party Advisory | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/41041/ - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt - Third Party Advisory | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/40463/ - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:cisco:firepower_management_center:5.4_base:*:*:*:*:*:*:* |
Information
Published : 2016-10-06 10:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-6433
Mitre link : CVE-2016-6433
CVE.ORG link : CVE-2016-6433
JSON object : View
Products Affected
cisco
- firepower_management_center
CWE
CWE-20
Improper Input Validation