CVE-2016-6434

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Secure_firewall_management_center	Cisco	6.0.1 (including)	6.0.1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
http://www.securityfocus.com/bid/93412
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
https://www.exploit-db.com/exploits/40465/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
http://www.securityfocus.com/bid/93412
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
https://www.exploit-db.com/exploits/40465/
https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6434
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References