CVE-2016-6435

Опубликовано: 06 окт. 2016

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
Vendor Advisory
http://www.securityfocus.com/bid/93421
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
https://www.exploit-db.com/exploits/40464/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
Vendor Advisory
http://www.securityfocus.com/bid/93421
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
https://www.exploit-db.com/exploits/40464/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.55026

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-hqcq-vffg-mcgx