HomePentest-Tools.com Logo

Cisco Firepower Management Center Console Local File Inclusion Vulnerability CVE-2016-6435

Severity
CVSSv3 Score
6.5
Vulnerability description

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information.

Risk description

The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allow an authenticated console user to access files that are readable by the www user on the server. An attacker who has user privileges for the web console could leverage this vulnerability to read some of the files on the underlying operating system.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 6, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available