Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6434 — Improper Authentication in Cisco Secure Firewall Management Center

CWE-287 — Improper Authentication5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 40.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedOct 6

Latest updateMay 17

Description

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center6.0.1

🔴Vulnerability Details

GHSA

GHSA-888q-c9pw-cm4h: Cisco Firepower Management Center 6↗2022-05-17

▶

CVEList

CVE-2016-6434: Cisco Firepower Management Center 6↗2016-10-06

▶

💥Exploits & PoCs

Exploit-DB

Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials↗2016-10-05

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Console Authentication Bypass Vulnerability↗2016-10-05

▶