A vulnerability in Cisco Firepower Threat Management Console could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system.The vulnerability exists because parameters sent to the web application are not properly validated. This may lead an authenticated web user to run arbitrary system commands as the www user account on the server. An attacker with user privileges on the web application may be able to leverage this vulnerability to gain access to the underlying operating system.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2dRSpUt
A vulnerability in Cisco Firepower Threat Management Console could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system.The vulnerability exists because parameters sent to the web application are not properly validated. This may lead an authenticated web user to run arbitrary system commands as the www user account on the server. An attacker with user privileges on the web application may be able to leverage this vulnerability to gain access to the underlying operating system.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2dRSpUt
Security Impact Rating: Medium
CVE: CVE-2016-6433
from Cisco Security Advisory http://ift.tt/2dRSpUt
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.