CVE-2016-6433

Опубликовано: 06 окт. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Высокий

Описание

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.

Ссылки

http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc
Vendor Advisory
http://www.securityfocus.com/bid/93414
Third Party Advisory
VDB Entry
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
Third Party Advisory
https://www.exploit-db.com/exploits/40463/
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41041/
Third Party Advisory
VDB Entry
https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt
Third Party Advisory
http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc
Vendor Advisory
http://www.securityfocus.com/bid/93414
Third Party Advisory
VDB Entry
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
Third Party Advisory
https://www.exploit-db.com/exploits/40463/
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41041/
Third Party Advisory
VDB Entry
https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:secure_firewall_management_center:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.72601

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-vj79-frfw-249q