9

CVE-2016-6433

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 75.75% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc
Vendor Advisory
http://www.securityfocus.com/bid/93414
Third Party Advisory
VDB Entry
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
Third Party Advisory
https://www.exploit-db.com/exploits/40463/
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41041/
Third Party Advisory
VDB Entry
https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt
Third Party Advisory