ID de Prueba:	1.3.6.1.4.1.25623.1.0.106333
Categoría:	CISCO
Título:	Cisco Firepower Threat Management Console Remote Command Execution Vulnerability
Resumen:	A vulnerability in Cisco Firepower Threat Management Console could allow an; authenticated, remote attacker to execute arbitrary commands on a targeted system.
Descripción:	Summary: A vulnerability in Cisco Firepower Threat Management Console could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system. Vulnerability Insight: The vulnerability exists because parameters sent to the web application are not properly validated. This may lead an authenticated web user to run arbitrary system commands as the www user account on the server. Vulnerability Impact: An attacker with user privileges on the web application may be able to leverage this vulnerability to gain access to the underlying operating system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6433 BugTraq ID: 93414 http://www.securityfocus.com/bid/93414 Cisco Security Advisory: 20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc https://www.exploit-db.com/exploits/40463/ https://www.exploit-db.com/exploits/41041/ http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.