cvelistv5 - cve-2016-6433

CVE-2016-6433 (GCVE-0-2016-6433)

Vulnerability from cvelistv5

Published

2016-10-06 10:00

Modified

2024-08-06 01:29

Severity ?

CWE

Summary

References

URL

Tags

psirt@cisco.com	http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html	Third Party Advisory, VDB Entry
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93414	Third Party Advisory, VDB Entry
psirt@cisco.com	https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking	Third Party Advisory
psirt@cisco.com	https://www.exploit-db.com/exploits/40463/	Third Party Advisory, VDB Entry
psirt@cisco.com	https://www.exploit-db.com/exploits/41041/	Third Party Advisory, VDB Entry
psirt@cisco.com	https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93414	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40463/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41041/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
          },
          {
            "name": "93414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93414"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
          },
          {
            "name": "40463",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40463/"
          },
          {
            "name": "41041",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41041/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
          },
          {
            "name": "20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
        },
        {
          "name": "93414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93414"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
        },
        {
          "name": "40463",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40463/"
        },
        {
          "name": "41041",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41041/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
        },
        {
          "name": "20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt",
              "refsource": "MISC",
              "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
            },
            {
              "name": "93414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93414"
            },
            {
              "name": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking",
              "refsource": "MISC",
              "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
            },
            {
              "name": "40463",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40463/"
            },
            {
              "name": "41041",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41041/"
            },
            {
              "name": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
            },
            {
              "name": "20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6433",
    "datePublished": "2016-10-06T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6433\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-10-06T10:59:14.337\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.\"},{\"lang\":\"es\",\"value\":\"El Threat Management Console en Cisco Firepower Management Center 5.2.0 hasta la versi\u00f3n 6.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de par\u00e1metros de aplicaci\u00f3n web manipulados, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva30872.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"456DC3D1-4FEE-4C05-8AFD-E28E6E12F4AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30E233C0-7547-479D-BC2B-A9F75106ADF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6208D84A-C7EE-4F9D-82B2-C3BD657A6B3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E12A7E1A-DD5F-4D24-B40C-9B6A4B06B7E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E80F6ABE-ED3A-4F37-91E7-102DB4B63BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FC04411-7DDF-4E11-A22C-1013396AC47B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B03AFE63-7D90-4092-9AB0-E05531EB0412\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C06AC416-34EE-4881-8CCE-7E5CDD185364\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47D22E4A-D02B-48E7-86D9-2A05A07C8A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8695C71C-53B3-49F6-9BDD-85A45762D9D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27EA38C1-A34F-430A-92F7-1D299F78B449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE5CF68A-AAF1-4103-AD83-E2192785B31B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38ACE806-3514-4D95-85DA-BAD7245011A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1898CADB-3B2B-4A3E-86DD-23A9E1A3E40F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6B5ED0-0E42-45A2-BBBB-148C2BE5DD14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0091657B-E242-4664-8F2F-85B8FCDF3EE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D7DA95-E977-4D06-92C8-E4E8B464E1D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15B5C864-D82A-43BB-B193-CB9756A3B8BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA8E3657-BC3D-4A7D-8523-0D64F69CFE8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1AFAC1-419D-4ADB-868B-1544BED58B7F\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93414\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/40463/\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/41041/\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93414\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/40463/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/41041/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

fkie_cve-2016-6433

Vulnerability from fkie_nvd

Published

2016-10-06 10:59

Modified

2025-04-12 10:46

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html	Third Party Advisory, VDB Entry
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93414	Third Party Advisory, VDB Entry
psirt@cisco.com	https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking	Third Party Advisory
psirt@cisco.com	https://www.exploit-db.com/exploits/40463/	Third Party Advisory, VDB Entry
psirt@cisco.com	https://www.exploit-db.com/exploits/41041/	Third Party Advisory, VDB Entry
psirt@cisco.com	https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93414	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40463/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41041/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt	Third Party Advisory

Impacted products

Vendor	Product	Version
cisco	secure_firewall_management_center	5.2.0
cisco	secure_firewall_management_center	5.3.0
cisco	secure_firewall_management_center	5.3.0.2
cisco	secure_firewall_management_center	5.3.0.3
cisco	secure_firewall_management_center	5.3.0.4
cisco	secure_firewall_management_center	5.3.1
cisco	secure_firewall_management_center	5.3.1.3
cisco	secure_firewall_management_center	5.3.1.4
cisco	secure_firewall_management_center	5.3.1.5
cisco	secure_firewall_management_center	5.3.1.6
cisco	secure_firewall_management_center	5.4.0
cisco	secure_firewall_management_center	5.4.0.2
cisco	secure_firewall_management_center	5.4.1
cisco	secure_firewall_management_center	5.4.1.1
cisco	secure_firewall_management_center	5.4.1.2
cisco	secure_firewall_management_center	5.4.1.3
cisco	secure_firewall_management_center	5.4.1.4
cisco	secure_firewall_management_center	5.4.1.5
cisco	secure_firewall_management_center	5.4.1.6
cisco	secure_firewall_management_center	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "456DC3D1-4FEE-4C05-8AFD-E28E6E12F4AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E233C0-7547-479D-BC2B-A9F75106ADF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6208D84A-C7EE-4F9D-82B2-C3BD657A6B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E12A7E1A-DD5F-4D24-B40C-9B6A4B06B7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80F6ABE-ED3A-4F37-91E7-102DB4B63BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC04411-7DDF-4E11-A22C-1013396AC47B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03AFE63-7D90-4092-9AB0-E05531EB0412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06AC416-34EE-4881-8CCE-7E5CDD185364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D22E4A-D02B-48E7-86D9-2A05A07C8A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8695C71C-53B3-49F6-9BDD-85A45762D9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27EA38C1-A34F-430A-92F7-1D299F78B449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE5CF68A-AAF1-4103-AD83-E2192785B31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38ACE806-3514-4D95-85DA-BAD7245011A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1898CADB-3B2B-4A3E-86DD-23A9E1A3E40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B5ED0-0E42-45A2-BBBB-148C2BE5DD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0091657B-E242-4664-8F2F-85B8FCDF3EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D7DA95-E977-4D06-92C8-E4E8B464E1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B5C864-D82A-43BB-B193-CB9756A3B8BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8E3657-BC3D-4A7D-8523-0D64F69CFE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1AFAC1-419D-4ADB-868B-1544BED58B7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872."
    },
    {
      "lang": "es",
      "value": "El Threat Management Console en Cisco Firepower Management Center 5.2.0 hasta la versi\u00f3n 6.0.1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de par\u00e1metros de aplicaci\u00f3n web manipulados, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva30872."
    }
  ],
  "id": "CVE-2016-6433",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-06T10:59:14.337",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93414"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40463/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41041/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40463/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41041/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2016-6433

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-6433

Aliases

CVE-2016-6433

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6433",
    "description": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.",
    "id": "GSD-2016-6433",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-6433"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6433"
      ],
      "details": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.",
      "id": "GSD-2016-6433",
      "modified": "2023-12-13T01:21:22.996496Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6433",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt",
            "refsource": "MISC",
            "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
          },
          {
            "name": "93414",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93414"
          },
          {
            "name": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking",
            "refsource": "MISC",
            "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
          },
          {
            "name": "40463",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40463/"
          },
          {
            "name": "41041",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41041/"
          },
          {
            "name": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
          },
          {
            "name": "20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6433"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
            },
            {
              "name": "93414",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93414"
            },
            {
              "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
            },
            {
              "name": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
            },
            {
              "name": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
            },
            {
              "name": "41041",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/41041/"
            },
            {
              "name": "40463",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/40463/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-01-05T17:39Z",
      "publishedDate": "2016-10-06T10:59Z"
    }
  }
}

ghsa-vj79-frfw-249q

Vulnerability from github

Published

2022-05-13 01:12

Modified

2024-11-26 18:38

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-06T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.",
  "id": "GHSA-vj79-frfw-249q",
  "modified": "2024-11-26T18:38:37Z",
  "published": "2022-05-13T01:12:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6433"
    },
    {
      "type": "WEB",
      "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40463"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41041"
    },
    {
      "type": "WEB",
      "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93414"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2016-08559

Vulnerability from cnvd

Title

Cisco Firepower Management Center Console本地文件包含漏洞

Description

Cisco Firepower Management Center是美国思科（Cisco）公司的新一代防火墙管理中心软件。 Cisco Firepower Threat Management Console存在本地文件包含漏洞，攻击者可以利用该漏洞获取系统敏感信息。

Severity

中

Patch Name

Cisco Firepower Management Center Console本地文件包含漏洞的补丁

Patch Description

Cisco Firepower Management Center是美国思科（Cisco）公司的新一代防火墙管理中心软件。 Cisco Firepower Threat Management Console存在本地文件包含漏洞，攻击者可以利用该漏洞获取系统敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2

Reference

http://www.securityfocus.com/bid/93414

Impacted products

Name
Cisco FirePOWER Management Center

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93414"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6433"
    }
  },
  "description": "Cisco Firepower Management Center\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u65b0\u4e00\u4ee3\u9632\u706b\u5899\u7ba1\u7406\u4e2d\u5fc3\u8f6f\u4ef6\u3002\r\n\r\nCisco Firepower Threat Management Console\u5b58\u5728\u672c\u5730\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7cfb\u7edf\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08559",
  "openTime": "2016-10-10",
  "patchDescription": "Cisco Firepower Management Center\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u65b0\u4e00\u4ee3\u9632\u706b\u5899\u7ba1\u7406\u4e2d\u5fc3\u8f6f\u4ef6\u3002\r\n\r\nCisco Firepower Threat Management Console\u5b58\u5728\u672c\u5730\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7cfb\u7edf\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Firepower Management Center Console\u672c\u5730\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco FirePOWER Management Center"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93414",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-08",
  "title": "Cisco Firepower Management Center Console\u672c\u5730\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e"
}

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

var-201610-0282

Vulnerability from variot

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. An attacker can exploit this issue to execute arbitrary commands within the context of the affected application. This issue is tracked by Cisco Bug ID CSCva30872

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0282",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1.6"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.0.3"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.0.2"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.3"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.4"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.5"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.6"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.1"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.1"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.0"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1.3"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1.5"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.0.4"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2.0"
      },
      {
        "model": "secure firewall management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1.4"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.2.0 to  6.0.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.4.0"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.3.0.2"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.4.1.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.3.1.5"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.3.0.4"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.3.1.4"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.3.1.6"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93414"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:firepower_management_center",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "93414"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6433",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2016-6433",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-95253",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-6433",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6433",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-6433",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-6433",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-106",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95253",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. \nAn attacker can exploit this issue to execute arbitrary commands within the context of the affected application. \nThis issue is tracked by Cisco Bug ID CSCva30872",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "BID",
        "id": "93414"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-95253",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6433",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93414",
        "trust": 1.4
      },
      {
        "db": "PACKETSTORM",
        "id": "140467",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41041",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40463",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "138988",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-92711",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-95253",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      },
      {
        "db": "BID",
        "id": "93414"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "id": "VAR-201610-0282",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-27T22:59:43.084000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161005-ftmc",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc"
      },
      {
        "title": "Cisco Firepower Management Center Fixes for remote command execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64533"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ftmc"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/93414"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/40463/"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/41041/"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/140467/cisco-firepower-management-console-6.0-post-authentication-useradd.html"
      },
      {
        "trust": 1.1,
        "url": "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking"
      },
      {
        "trust": 1.1,
        "url": "https://www.korelogic.com/resources/advisories/kl-001-2016-007.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6433"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6433"
      },
      {
        "trust": 0.6,
        "url": "http://packetstormsecurity.com/files/138988/cisco-firepower-threat-management-command-execution.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      },
      {
        "db": "BID",
        "id": "93414"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95253"
      },
      {
        "db": "BID",
        "id": "93414"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95253"
      },
      {
        "date": "2016-10-05T00:00:00",
        "db": "BID",
        "id": "93414"
      },
      {
        "date": "2016-10-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "date": "2016-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      },
      {
        "date": "2016-10-06T10:59:14.337000",
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95253"
      },
      {
        "date": "2016-10-10T03:03:00",
        "db": "BID",
        "id": "93414"
      },
      {
        "date": "2016-10-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      },
      {
        "date": "2024-11-26T16:09:02.407000",
        "db": "NVD",
        "id": "CVE-2016-6433"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Firepower Management Center of  Threat Management Console Vulnerable to arbitrary command execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005141"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-106"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-6433 (GCVE-0-2016-6433)

Vulnerability from cvelistv5

fkie_cve-2016-6433

Vulnerability from fkie_nvd

gsd-2016-6433

Vulnerability from gsd

ghsa-vj79-frfw-249q

Vulnerability from github

cnvd-2016-08559

Vulnerability from cnvd

CERTFR-2016-AVI-331

Vulnerability from certfr_avis

Solution

var-201610-0282

Vulnerability from variot

Tags

Sightings

Nomenclature