CVE-2016-6434

Опубликовано: 06 окт. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
Vendor Advisory
http://www.securityfocus.com/bid/93412
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
https://www.exploit-db.com/exploits/40465/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
Vendor Advisory
http://www.securityfocus.com/bid/93412
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
https://www.exploit-db.com/exploits/40465/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00385

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-888q-c9pw-cm4h