Wednesday, September 28, 2016

Cisco Firepower Management Center SQL Injection Vulnerability

A vulnerability in the web framework of the Cisco Firepower Management Center could allow an authenticated, remote attacker to perform SQL injection on the affected device.

The vulnerability is due to a lack of input validation. An attacker could exploit this vulnerability by sending a crafted SQL request to the affected web page. An exploit could allow the attacker to modify the SQL database used by the Firepower Management Center.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/2d4BwmH
Security Impact Rating: Medium
CVE: CVE-2016-6419

from Cisco Security Advisory http://ift.tt/2d4BwmH
