Wednesday, October 5, 2016

Cisco Firepower Management Center Console Authentication Bypass Vulnerability

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, local attacker to bypass authentication and access sensitive information.

The vulnerability is due to the use of static credentials by the database on an affected system. An authenticated user who can access the command-line interface (CLI) for an affected system may be able to leverage this vulnerability to access information in the database directly from a local shell.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dRS8Rv
Security Impact Rating: Medium
CVE: CVE-2016-6434

from Cisco Security Advisory http://ift.tt/2dRS8Rv
