ID de Prueba:	1.3.6.1.4.1.25623.1.0.106334
Categoría:	CISCO
Título:	Cisco Firepower Management Center Console Authentication Bypass Vulnerability
Resumen:	A vulnerability in the web console of Cisco Firepower Management Center; could allow an authenticated, local attacker to bypass authentication and access sensitive information.
Descripción:	Summary: A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, local attacker to bypass authentication and access sensitive information. Vulnerability Insight: The vulnerability is due to the use of static credentials by the database on an affected system. Vulnerability Impact: An authenticated user who can access the command-line interface (CLI) for an affected system may be able to leverage this vulnerability to access information in the database directly from a local shell. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6434 BugTraq ID: 93412 http://www.securityfocus.com/bid/93412 Cisco Security Advisory: 20161005 Cisco Firepower Management Center Console Authentication Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1 https://www.exploit-db.com/exploits/40465/ https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.