Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6435: Sensitive Information Exposure in Cisco Secure Firewall Management Center

Severity: 6.5 MEDIUM (NVD)
EPSS: 55.0% (top 1.94%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 6; latest update May 17

Description

The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

🔴 Vulnerability Details (2)

GHSA: GHSA-hqcq-vffg-mcgx: The web console in Cisco Firepower Management Center 6 (2022-05-17)
CVEList: CVE-2016-6435: The web console in Cisco Firepower Management Center 6 (2016-10-06)

💥 Exploits & PoCs (2)

Exploit-DB: Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion (2016-10-05)
Metasploit: Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal

📋 Vendor Advisories (1)

Cisco: Cisco Firepower Management Center Console Local File Inclusion Vulnerability (2016-10-05)