SymmetricalDataSecurity: Cisco Firepower Management Center Web Interface Code Injection Vulnerability

Friday, May 27, 2016

Cisco Firepower Management Center Web Interface Code Injection Vulnerability

A vulnerability in the web interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to modify a page in the web interface.

The vulnerability is due to improper sanitization of some parameter values. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the injected code.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/1WQudjZ A vulnerability in the web interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to modify a page in the web interface.

The vulnerability is due to improper sanitization of some parameter values. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the injected code.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/1WQudjZ
Security Impact Rating: Medium
CVE: CVE-2016-1413

from Cisco Security Advisory http://ift.tt/1WQudjZ

SymmetricalDataSecurity

Friday, May 27, 2016

Cisco Firepower Management Center Web Interface Code Injection Vulnerability

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews