CVE-2016-6420

CWE-200 โ€” Information ExposureCWE-2644 documents4 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 84.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Firesight System Software
Timeline
PublishedOct 5
Latest updateMay 17

Description

Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

โ–ถNVDcisco/firesight_system_software5 versions+4

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-r4rh-wx3c-837c: Cisco FireSIGHT System Software 4โ†—2022-05-17
โ–ถ
CVEList
CVE-2016-6420: Cisco FireSIGHT System Software 4โ†—2016-10-05
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Cisco Firepower Management Center Privilege Escalation Vulnerabilityโ†—2016-09-28
โ–ถ