CVE-2016-1413 — Code Injection in Cisco Secure Firewall Management Center

CWE-94 — Code Injection4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 47.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedMay 28

Latest updateMay 17

Description

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center10 versions+9

🔴Vulnerability Details

GHSA

GHSA-89q5-pg89-vmxm: The web interface in Cisco Firepower Management Center 5↗2022-05-17

▶

CVEList

CVE-2016-1413: The web interface in Cisco Firepower Management Center 5↗2016-05-28

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Web Interface Code Injection Vulnerability↗2016-05-27

▶