Vulnerability-Lookup

CVE-2016-6434 (GCVE-0-2016-6434)

Vulnerability from cvelistv5 – Published: 2016-10-06 10:00 – Updated: 2024-08-06 01:29

Summary

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

Severity

No CVSS data available.

CWE

Assigner

cisco

References

5 references

URL	Tags
http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
https://www.korelogic.com/Resources/Advisories/KL…	x_refsource_MISC
https://blog.korelogic.com/blog/2016/10/10/virtua…	x_refsource_MISC
http://www.securityfocus.com/bid/93412	vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/40465/	exploitx_refsource_EXPLOIT-DB

Date Public

2016-10-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20161005 Cisco Firepower Management Center Console Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
          },
          {
            "name": "93412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93412"
          },
          {
            "name": "40465",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40465/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20161005 Cisco Firepower Management Center Console Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
        },
        {
          "name": "93412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93412"
        },
        {
          "name": "40465",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40465/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6434",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20161005 Cisco Firepower Management Center Console Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
            },
            {
              "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt",
              "refsource": "MISC",
              "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
            },
            {
              "name": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking",
              "refsource": "MISC",
              "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
            },
            {
              "name": "93412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93412"
            },
            {
              "name": "40465",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40465/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6434",
    "datePublished": "2016-10-06T10:00:00.000Z",
    "dateReserved": "2016-07-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:29:19.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-6434",
      "date": "2026-05-29",
      "epss": "0.00385",
      "percentile": "0.5997"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D1AFAC1-419D-4ADB-868B-1544BED58B7F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.\"}, {\"lang\": \"es\", \"value\": \"Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener informaci\\u00f3n sensible aprovechando el acceso CLI, vulnerabilidad tambi\\u00e9n conocida como Bug ID CSCva30370.\"}]",
      "id": "CVE-2016-6434",
      "lastModified": "2024-11-26T16:09:02.407",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-10-06T10:59:15.383",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93412\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/40465/\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93412\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/40465/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6434\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-10-06T10:59:15.383\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.\"},{\"lang\":\"es\",\"value\":\"Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener informaci\u00f3n sensible aprovechando el acceso CLI, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva30370.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1AFAC1-419D-4ADB-868B-1544BED58B7F\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93412\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40465/\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40465/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2016-AVI-331

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CERTFR-2016-AVI-331

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CNVD-2016-08561

Vulnerability from cnvd - Published: 2016-10-10

Title

Cisco Firepower Management Center Console认证绕过漏洞

Description

Cisco Firepower Management Center是美国思科（Cisco）公司的新一代防火墙管理中心软件。 Cisco Firepower Threat Management Console的本地MySQL数据库的root账号使用了弱密码，攻击者可以利用该漏洞来获取系统管理员权限。

Severity

中

Patch Name

Cisco Firepower Management Center Console认证绕过漏洞的补丁

Patch Description

Cisco Firepower Management Center是美国思科（Cisco）公司的新一代防火墙管理中心软件。 Cisco Firepower Threat Management Console的本地MySQL数据库的root账号使用了弱密码，攻击者可以利用该漏洞来获取系统管理员权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1

Reference

http://www.securityfocus.com/bid/93412

Impacted products

Name
Cisco FirePOWER Management Center

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93412"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6434"
    }
  },
  "description": "Cisco Firepower Management Center\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u65b0\u4e00\u4ee3\u9632\u706b\u5899\u7ba1\u7406\u4e2d\u5fc3\u8f6f\u4ef6\u3002\r\n\r\nCisco Firepower Threat Management Console\u7684\u672c\u5730MySQL\u6570\u636e\u5e93\u7684root\u8d26\u53f7\u4f7f\u7528\u4e86\u5f31\u5bc6\u7801\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u83b7\u53d6\u7cfb\u7edf\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08561",
  "openTime": "2016-10-10",
  "patchDescription": "Cisco Firepower Management Center\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u65b0\u4e00\u4ee3\u9632\u706b\u5899\u7ba1\u7406\u4e2d\u5fc3\u8f6f\u4ef6\u3002\r\n\r\nCisco Firepower Threat Management Console\u7684\u672c\u5730MySQL\u6570\u636e\u5e93\u7684root\u8d26\u53f7\u4f7f\u7528\u4e86\u5f31\u5bc6\u7801\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u83b7\u53d6\u7cfb\u7edf\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Firepower Management Center Console\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco FirePOWER Management Center"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93412",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-08",
  "title": "Cisco Firepower Management Center Console\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2016-6434

Vulnerability from fkie_nvd - Published: 2016-10-06 10:59 - Updated: 2026-05-06 22:30

Severity

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93412
psirt@cisco.com	https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
psirt@cisco.com	https://www.exploit-db.com/exploits/40465/
psirt@cisco.com	https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93412
af854a3a-2127-422b-91ae-364da2661108	https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40465/
af854a3a-2127-422b-91ae-364da2661108	https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt

Impacted products

	Vendor	Product	Version
	cisco	secure_firewall_management_center	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1AFAC1-419D-4ADB-868B-1544BED58B7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370."
    },
    {
      "lang": "es",
      "value": "Cisco Firepower Management Center 6.0.1 tiene las credenciales de la base de datos embebida, lo que permite a usuarios locales obtener informaci\u00f3n sensible aprovechando el acceso CLI, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva30370."
    }
  ],
  "id": "CVE-2016-6434",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-06T10:59:15.383",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93412"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://www.exploit-db.com/exploits/40465/"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/40465/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-888Q-C9PW-CM4H

Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2024-11-26 18:38

Details

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

Severity

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-06T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.",
  "id": "GHSA-888q-c9pw-cm4h",
  "modified": "2024-11-26T18:38:37Z",
  "published": "2022-05-17T01:17:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6434"
    },
    {
      "type": "WEB",
      "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40465"
    },
    {
      "type": "WEB",
      "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93412"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-6434

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

Aliases

CVE-2016-6434

Aliases

CVE-2016-6434

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6434",
    "description": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.",
    "id": "GSD-2016-6434",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-6434"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6434"
      ],
      "details": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.",
      "id": "GSD-2016-6434",
      "modified": "2023-12-13T01:21:23.013912Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6434",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20161005 Cisco Firepower Management Center Console Authentication Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
          },
          {
            "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt",
            "refsource": "MISC",
            "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
          },
          {
            "name": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking",
            "refsource": "MISC",
            "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
          },
          {
            "name": "93412",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93412"
          },
          {
            "name": "40465",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40465/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6434"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20161005 Cisco Firepower Management Center Console Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1"
            },
            {
              "name": "93412",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93412"
            },
            {
              "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt"
            },
            {
              "name": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking",
              "refsource": "MISC",
              "tags": [],
              "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
            },
            {
              "name": "40465",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/40465/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-09-03T01:29Z",
      "publishedDate": "2016-10-06T10:59Z"
    }
  }
}

VAR-201610-0283

Vulnerability from variot - Updated: 2023-12-18 12:05

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue being tracked by Cisco Bug ID CSCva30370

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0283",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.0.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "93412"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6434",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-6434",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-95254",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6434",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6434",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-109",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95254",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6434",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nThis issue being tracked by Cisco Bug ID  CSCva30370",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "db": "BID",
        "id": "93412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6434"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-95254",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40465",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6434"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6434",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "93412",
        "trust": 1.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40465",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "138986",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95254",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6434",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6434"
      },
      {
        "db": "BID",
        "id": "93412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ]
  },
  "id": "VAR-201610-0283",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:05:20.880000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161005-ftmc1",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ftmc1"
      },
      {
        "title": "Cisco: Cisco Firepower Management Center Console Authentication Bypass Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20161005-ftmc1"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ftmc1"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/93412"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/40465/"
      },
      {
        "trust": 1.2,
        "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
      },
      {
        "trust": 1.2,
        "url": "https://www.korelogic.com/resources/advisories/kl-001-2016-005.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6434"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6434"
      },
      {
        "trust": 0.6,
        "url": "http://packetstormsecurity.com/files/138986/cisco-firepower-threat-management-console-hard-coded-mysql-credentials.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6434"
      },
      {
        "db": "BID",
        "id": "93412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6434"
      },
      {
        "db": "BID",
        "id": "93412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "date": "2016-10-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6434"
      },
      {
        "date": "2016-10-05T00:00:00",
        "db": "BID",
        "id": "93412"
      },
      {
        "date": "2016-10-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "date": "2016-10-06T10:59:15.383000",
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "date": "2016-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95254"
      },
      {
        "date": "2017-09-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6434"
      },
      {
        "date": "2016-10-10T00:05:00",
        "db": "BID",
        "id": "93412"
      },
      {
        "date": "2016-10-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      },
      {
        "date": "2017-09-03T01:29:11.250000",
        "db": "NVD",
        "id": "CVE-2016-6434"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "93412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Firepower Management Center Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005142"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-109"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6434 (GCVE-0-2016-6434)

CERTFR-2016-AVI-331

Solution

CERTFR-2016-AVI-331

Solution

CNVD-2016-08561

FKIE_CVE-2016-6434

GHSA-888Q-C9PW-CM4H

GSD-2016-6434

VAR-201610-0283

Tags

Sightings

Nomenclature