CVSS: 6.5EPSS: 81%CPEs: 1EXPL: 1CVE-2016-6435 – Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2016-6435
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. La consola web en Cisco Firepower Management Center 6.0.1 permite a usuarios remotos autenticados leer archivos arbitrarios a través de parámetros manipulados, vulnerabilidad también conocida como Bug ID CSCva30376. Cisco Firepower Threat Management Console suffers from a local file inclusion vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected. • https://www.exploit-db.com/exploits/40464 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2 http://www.securityfocus.com/bid/93421 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 24%CPEs: 20EXPL: 2CVE-2016-6433 – Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-6433
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. El Threat Management Console en Cisco Firepower Management Center 5.2.0 hasta la versión 6.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de parámetros de aplicación web manipulados, vulnerabilidad también conocida como Bug ID CSCva30872. Cisco Firepower Threat Management Console suffers from a remote command execution vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected. • https://www.exploit-db.com/exploits/40463 https://www.exploit-db.com/exploits/41041 http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc http://www.securityfocus.com/bid/93414 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-6434 – Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
https://notcve.org/view.php?id=CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener información sensible aprovechando el acceso CLI, vulnerabilidad también conocida como Bug ID CSCva30370. Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected. • https://www.exploit-db.com/exploits/40465 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1 http://www.securityfocus.com/bid/93412 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6419
https://notcve.org/view.php?id=CVE-2016-6419
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. Vulnerabilidad de inyección SQL en Cisco Firepower Management Center 4.10.3 hasta la versión 5.4.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como Bug ID CSCur25485. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc http://www.securityfocus.com/bid/93206 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6365
https://notcve.org/view.php?id=CVE-2016-6365
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. Vulnerabilidad XSS en Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1 y 5.4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug IDs CSCur25508 y CSCur25518. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc http://www.securityfocus.com/bid/92510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •