Executive Summary

Summary
Title Cisco Firepower Management Center Privilege Escalation Vulnerability
Informations
Name cisco-sa-20160817-firepower First vendor Publication 2016-08-17
Vendor Cisco Last vendor Modification 2016-08-17
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXtHJ/AAoJEK89gD3EAJB5ve4QAK95Ceao/vCkUXcTrU74nbAa /iU1pUxN7VdqXFHDTRth7tyQYTeykn9xKjbw46I3PjLkr6yQ90r2tUvb80No9HiQ +PhTqYsI5xru4bJOvRRasOqYK7AqdJqlE/jx7MRPnY4RYcaAgXdX/+87MfEE2qqD DnypfDFOfkFaOCXqgqpZPGk5lqljJ2lONih8stkEpDpNB/xUxESgtLHoxyurDiqA 9UYVir29xnQSWYVMwJDkx/ejjOGzj875efxsRiYyKSD8bauuBkqjXbc0vUWM4maL 549tnm8B15kkkslyDnrZreRYsQQilcRg7zNQF8HTMPNhOVad7PtTLydCv/ObHvnh k9Qq2304f5iL/oi4xvJkFqcmJ9GojSUkdLZtWvSPEdQKSYvtUWGG1B8nva6v8dTP yjD15d+Sp8J8WyW5sMVRLhdyWLugbWJ/IVgehrOv7POPca91NIByqJR74RU3pU8N HZ5N4dscJouqx9WvBwuKoGags++3HWv9cDzgCaGn7iATu5LKJk6h4hB7I667dIdt ZtfHxuDV8Zwx+xxHSEPvhap/EjnAUeCNna+q6/8VA2cPrdh1SW4tDyVMYakHLZlp jD8qgfaNysYnidJIP855xD6asY+sFFgHYJLUg3FeEmB0utnxOazQDP9x+owNAquj 1ZrlfLwWvg5YcUdn8uOI =TMYb END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

Snort® IPS/IDS

Date Description
2016-08-18 Cisco FirePOWER Management Center pjb.cgi privilege escalation attempt
RuleID : 39898 - Revision : 1 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-08-19 17:24:59
  • Multiple Updates
2016-08-19 00:25:04
  • Multiple Updates
2016-08-17 21:23:34
  • First insertion