Wednesday, December 7, 2016

Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password.

The vulnerability is due to improper masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration screens. An exploit could allow the attacker to view the Remote Storage Password. The attacker could use the Remote Storage Password to conduct additional reconnaissance attacks

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2gCullm A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password.

The vulnerability is due to improper masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration screens. An exploit could allow the attacker to view the Remote Storage Password. The attacker could use the Remote Storage Password to conduct additional reconnaissance attacks

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2gCullm
Security Impact Rating: Medium
CVE: CVE-2016-6471

from Cisco Security Advisory http://ift.tt/2gCullm
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)