Wednesday, February 24, 2016

Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability

A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page.

The vulnerability is due to verbose output returned when HTML files are retrieved from the affected system. An attacker could exploit this vulnerability by reading the information disclosed in the help files to conduct further attacks.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/1Ld9mDk
Security Impact Rating: Medium
CVE: CVE-2016-1342

from Cisco Security Advisory http://ift.tt/1Ld9mDk
