CVE Vulnerabilities

CVE-2016-1457

Published: Aug 18, 2016 | Modified: Nov 26, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.

Affected Software

Name Vendor Start Version End Version
Secure_firewall_management_center Cisco 4.10.3.9 (including) 4.10.3.9 (including)
Secure_firewall_management_center Cisco 5.2.0 (including) 5.2.0 (including)
Secure_firewall_management_center Cisco 5.3.0.4 (including) 5.3.0.4 (including)
Secure_firewall_management_center Cisco 5.3.1 (including) 5.3.1 (including)
Secure_firewall_management_center Cisco 5.4.0 (including) 5.4.0 (including)

References