CVE-2016-1458 — Cisco Secure Firewall Management Center vulnerability

CWE-2648 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 47.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedAug 18

Latest updateMay 17

Description

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hpv8-jm67-hqfq: The web-based GUI in Cisco Firepower Management Center 4↗2022-05-17

▶

CVEList

CVE-2016-1458: The web-based GUI in Cisco Firepower Management Center 4↗2016-08-18

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Privilege Escalation Vulnerability↗2016-08-17

▶

💬Community

Bugzilla

CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)↗2016-07-18

▶

Bugzilla

CVE-2016-3606 OpenJDK: insufficient bytecode verification (Hotspot, 8155981)↗2016-07-15

▶

Bugzilla

CVE-2016-3587 OpenJDK: insufficient protection of MethodHandle.invokeBasic() (Hotspot, 8154475)↗2016-07-15

▶