A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information.The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allow an authenticated console user to access files that are readable by the www user on the server. An attacker who has user privileges for the web console could leverage this vulnerability to read some of the files on the underlying operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2dRSuHC
A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information.The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allow an authenticated console user to access files that are readable by the www user on the server. An attacker who has user privileges for the web console could leverage this vulnerability to read some of the files on the underlying operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2dRSuHC
Security Impact Rating: Medium
CVE: CVE-2016-6435
from Cisco Security Advisory http://ift.tt/2dRSuHC
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.