CVE-2016-1213
Published 2017-04-20
CVE-2016-1213: The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
Priority: P429 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.33% (67.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cybozu | garoon | <= 4.2.1 | — |
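CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |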
No detection rules found.
Exploit-DB
Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion
exploitdb·2016-10-05·CVSS 6.5
CVE-2016-6435 [MEDIUM] Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion
---
KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion
Title: Cisco Firepower Threat Management Console Local File Inclusion
Advisory ID: KL-001-2016-006
Publication Date: 2016.10.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt
1. Vulnerability Details
Affected Vendor: Cisco
Affected Product: Firepower Threat Management Console
Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213)
Platform: Embedded Linux
CWE Classification: CWE-73: External Control of File Name or Path
Impact: Information Disclosure
Attack vector: HTTP
CVE-ID: CVE-2016-6435
2. Vulnerability Description
An authenticated user can access arbitrary files on the local s
Exploit-DB
Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
exploitdb·2016-10-05·CVSS 8.8
CVE-2016-6433 [HIGH] Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
---
KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command
Execution Leading to Root Access
Title: Cisco Firepower Threat Management Console Remote Command Execution
Leading to Root Access
Advisory ID: KL-001-2016-007
Publication Date: 2016.10.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt
1. Vulnerability Details
Affected Vendor: Cisco
Affected Product: Firepower Threat Management Console
Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213)
Platform: Embedded Linux
CWE Classification: CWE-434: Unrestricted Upload of File with Dangerous
Type, CWE-94: Improper Control of Generation of Code
Impact: Arbitrary Code Execution
Attack vector: HT
Exploit-DB
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
exploitdb·2016-10-05·CVSS 7.8
CVE-2016-6434 [HIGH] Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
---
KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL
Credentials
Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
Advisory ID: KL-001-2016-005
Publication Date: 2016.10.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
1. Vulnerability Details
Affected Vendor: Cisco
Affected Product: Firepower Threat Management Console
Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213)
Platform: Embedded Linux
CWE Classification: CWE-798: Use of Hard-coded Credentials
Impact: Authentication Bypass
CVE-ID: CVE-2016-6434
2. Vulnerability Description
The root account for the local MySQL database has poor password
No writeups or analysis indexed.
http://jvn.jp/en/jp/JVN67266823/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142
http://www.securityfocus.com/bid/92596
https://support.cybozu.com/ja-jp/article/9221