cnvd - cnvd-2016-03696

cnvd-2016-03696

Vulnerability from cnvd

Title

Cisco Firepower Management Center Web接口代码注入漏洞

Description

Cisco Firepower是高级防火墙系列产品。 Cisco Firepower Management Center 5.4.x－6.0.0.1版本Web接口未正确过滤某些参数值存在安全漏洞，远程攻击者向受影响参数注入恶意代码，诱使用户访问网页可触发注入代码，修改Web接口内的页面。

Severity

中

Formal description

目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1413

Impacted products

Name
Cisco FirePOWER Management Center >=5.4.x，<=6.0.0.1

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1413"
    }
  },
  "description": "Cisco Firepower\u662f\u9ad8\u7ea7\u9632\u706b\u5899\u7cfb\u5217\u4ea7\u54c1\u3002\r\n\r\nCisco Firepower Management Center 5.4.x\uff0d6.0.0.1\u7248\u672cWeb\u63a5\u53e3\u672a\u6b63\u786e\u8fc7\u6ee4\u67d0\u4e9b\u53c2\u6570\u503c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u5411\u53d7\u5f71\u54cd\u53c2\u6570\u6ce8\u5165\u6076\u610f\u4ee3\u7801\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u7f51\u9875\u53ef\u89e6\u53d1\u6ce8\u5165\u4ee3\u7801\uff0c\u4fee\u6539Web\u63a5\u53e3\u5185\u7684\u9875\u9762\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03696",
  "openTime": "2016-05-31",
  "products": {
    "product": "Cisco FirePOWER Management Center \u003e=5.4.x\uff0c\u003c=6.0.0.1"
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1413",
  "serverity": "\u4e2d",
  "submitTime": "2016-05-30",
  "title": "Cisco Firepower Management Center Web\u63a5\u53e3\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2016-1413 (GCVE-0-2016-1413)

Vulnerability from cvelistv5

Published

2016-05-28 01:00

Modified

2024-08-05 22:55

Severity ?

CWE

n/a

Summary

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

References

URL

Tags

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc

vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160527 Cisco Firepower Management Center Web Interface Code Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-05-28T01:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160527 Cisco Firepower Management Center Web Interface Code Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1413",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160527 Cisco Firepower Management Center Web Interface Code Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1413",
    "datePublished": "2016-05-28T01:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.