CVE-2016-1457 — Cisco Secure Firewall Management Center vulnerability

CWE-2644 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedAug 18

Latest updateMay 17

Description

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center5 versions+4

🔴Vulnerability Details

GHSA

GHSA-g3rq-2957-28ch: The web-based GUI in Cisco Firepower Management Center 4↗2022-05-17

▶

CVEList

CVE-2016-1457: The web-based GUI in Cisco Firepower Management Center 4↗2016-08-18

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Remote Command Execution Vulnerability↗2016-08-17

▶