Signature Detail

HTTP: Cisco Firepower UserAdd Remote Code Execution

The Threat Management Console in Cisco Firepower Management Center allows remote authenticated users to execute arbitrary commands via crafted web-application parameters.

Extended Description

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.

Affected Products

• Cisco firepower_management_center 5.2.0
• Cisco firepower_management_center 5.2_base
• Cisco firepower_management_center 5.3.0
• Cisco firepower_management_center 5.3.0.2
• Cisco firepower_management_center 5.3.0.3
• Cisco firepower_management_center 5.3.0.4
• Cisco firepower_management_center 5.3.1
• Cisco firepower_management_center 5.3.1.3
• Cisco firepower_management_center 5.3.1.4
• Cisco firepower_management_center 5.3.1.5
• Cisco firepower_management_center 5.3.1.6
• Cisco firepower_management_center 5.4.0
• Cisco firepower_management_center 5.4.0.2
• Cisco firepower_management_center 5.4.1
• Cisco firepower_management_center 5.4.1.1
• Cisco firepower_management_center 5.4.1.2
• Cisco firepower_management_center 5.4.1.3
• Cisco firepower_management_center 5.4.1.4
• Cisco firepower_management_center 5.4.1.5
• Cisco firepower_management_center 5.4.1.6
• Cisco firepower_management_center 5.4_base
• Cisco firepower_management_center 6.0.1

References

• BugTraq: 93414
• CVE: CVE-2016-6433
• URL: https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking