what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20160817-fmc

Cisco Security Advisory 20160817-fmc
Posted Aug 17, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, root
systems | cisco
SHA-256 | 8c21b803e3d6d780b64143a8afceabb01b50eb9a9179666705264a98099bc1b0

Cisco Security Advisory 20160817-fmc

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Firepower Management Center Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160817-fmc

Revision 1.0

For Public Release: 2016 August 17 16:00 GMT

Summary
=======

+---------------------------------------------------------------------

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device.

The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXtGo1AAoJEK89gD3EAJB5v5EQAJ8zglRCRCJGkG3rhOCRX4DX
drtIbjxvnY+eDZqwuv8UtWIx/vMbjbn5/U4Ns8igngPQUbjhDLYIf5gFNqOVd3tn
VagiZDXE3gWXUXMYrWv/vDlWDqvQUvsQAxKmeC1LzlVolJE3i9xx1UDcpHUhLxs3
fRuiIiom6fJvjM6T8F0zTl/ycvpBRt9yaPM51caq3CmsoiCyM5R0pyucuN/qckBi
D4R59eAytNh2ItvdfK4uDQ6oYanfv2+19oX1QuALExgKcKyEC69fM+/3O82hjoj4
0o9W1fj3UzjrB4PS7fiDlxrT5uEq+l/Cxu+i30u4qNMivIAL+FT+36KfOb0+qx5W
0qNJ5pZGIEGOATkKwJznmHCI4D7QKPiAJ5NPvmgHk0BD2vM9xpKKR6a2vWDdFnxr
Qg+rwXSLfmHX52AIhc5CaeaGZ9y1Fuc6oqctG7pfqZ78fTCMXDQjhk59NwHXJekb
1JalIiwdSXGE6Ey0tLO+mi3y1oJmGC7z7jL8xa4nTGF5Tzuopzkzv/Ky9pICf370
V1Xs04QQCZvYKZjho5xTroVGJ25COBq2b0dVdBYlndPhsrRdLKWjKboyQyHHcRUi
brCk9Rdb7kA5dN4r7tMBQRQ9cJ8mWpGm6cNy3zZAmzNGnCTIKqW2+DtLqq0ZPwZ6
RQ/+6TyyUZy/r4h+FGx6
=Zyh5
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    5 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close