Test Kennung:	1.3.6.1.4.1.25623.1.0.106333
Kategorie:	CISCO
Titel:	Cisco Firepower Threat Management Console Remote Command Execution Vulnerability
Zusammenfassung:	A vulnerability in Cisco Firepower Threat Management Console could allow an; authenticated, remote attacker to execute arbitrary commands on a targeted system.
Beschreibung:	Summary: A vulnerability in Cisco Firepower Threat Management Console could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system. Vulnerability Insight: The vulnerability exists because parameters sent to the web application are not properly validated. This may lead an authenticated web user to run arbitrary system commands as the www user account on the server. Vulnerability Impact: An attacker with user privileges on the web application may be able to leverage this vulnerability to gain access to the underlying operating system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6433 BugTraq ID: 93414 http://www.securityfocus.com/bid/93414 Cisco Security Advisory: 20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc https://www.exploit-db.com/exploits/40463/ https://www.exploit-db.com/exploits/41041/ http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.