CVE-2016-6419 — SQL Injection in Cisco Secure Firewall Management Center

CWE-89 — SQL Injection4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 32.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedOct 5

Latest updateMay 17

Description

SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center5 versions+4

🔴Vulnerability Details

GHSA

GHSA-7p76-mrph-qq8g: SQL injection vulnerability in Cisco Firepower Management Center 4↗2022-05-17

▶

CVEList

CVE-2016-6419: SQL injection vulnerability in Cisco Firepower Management Center 4↗2016-10-05

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center SQL Injection Vulnerability↗2016-09-28

▶