CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-6434 – Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
https://notcve.org/view.php?id=CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener información sensible aprovechando el acceso CLI, vulnerabilidad también conocida como Bug ID CSCva30370. Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected. • https://www.exploit-db.com/exploits/40465 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1 http://www.securityfocus.com/bid/93412 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6419
https://notcve.org/view.php?id=CVE-2016-6419
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. Vulnerabilidad de inyección SQL en Cisco Firepower Management Center 4.10.3 hasta la versión 5.4.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como Bug ID CSCur25485. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc http://www.securityfocus.com/bid/93206 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6365
https://notcve.org/view.php?id=CVE-2016-6365
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. Vulnerabilidad XSS en Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1 y 5.4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug IDs CSCur25508 y CSCur25518. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc http://www.securityfocus.com/bid/92510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1457
https://notcve.org/view.php?id=CVE-2016-1457
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. La GUI basada en web en Cisco Firepower Management Center 4.x y 5.x en versiones anteriores a 5.3.1.2 y 5.4.x en versiones anteriores a 5.4.0.1 y Cisco Adaptive Security Appliance (ASA) Software en dispositivos 5500-X con FirePOWER Services 4.x y 5.x en versiones anteriores a 5.3.1.2 y 5.4.x en versiones anteriores a 5.4.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios como root a través de peticiones HTTP manipuladas, también conocido como Bug ID CSCur25513. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc http://www.securityfocus.com/bid/92509 http://www.securitytracker.com/id/1036642 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1458
https://notcve.org/view.php?id=CVE-2016-1458
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. La GUI basada en web en Cisco Firepower Management Center 4.x y 5.x en versiones anteriores a 5.3.0.3, 5.3.1.x en versiones anteriores a 5.3.1.2 y 5.4.x en versiones anteriores a 5.4.0.1 y Cisco Adaptive Security Appliance (ASA) Software en dispositivos 5500-X con FirePOWER Services 4.x y 5.x en versiones anteriores a 5.3.0.3, 5.3.1.x en versiones anteriores a 5.3.1.2 y 5.4.x en versiones anteriores a 5.4.0.1 permite a usuarios remotos autenticados aumentar los privilegios de cuenta de usuario a través de peticiones HTTP manipuladas, también conocido como Bug ID CSCur25483. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower http://www.securityfocus.com/bid/92512 • CWE-264: Permissions, Privileges, and Access Controls •