CVE Vulnerabilities

CVE-2016-1457

Published: Aug 18, 2016 | Modified: Aug 16, 2017
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.

Affected Software

Name Vendor Start Version End Version
Firepower_management_center Cisco 5.3.0.4 5.3.0.4
Firepower_management_center Cisco 4.10.3.9 4.10.3.9
Firepower_management_center Cisco 5.3.1 5.3.1
Firepower_management_center Cisco 5.4.0 5.4.0
Firepower_management_center Cisco 5.2.0 5.2.0

References