ID

VAR-201605-0387


CVE

CVE-2016-1413


TITLE

Vulnerability in the web interface of Cisco Firepower Management Center that allows pages to be modified

Trust: 0.8

sources: JVNDB: JVNDB-2016-002958

DESCRIPTION

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. Attackers can exploit this issue to execute arbitrary code in the context of the affected system. This issue is being tracked by Cisco Bug ID CSCuy76517.

Trust: 1.98

sources: NVD: CVE-2016-1413 // JVNDB: JVNDB-2016-002958 // BID: 90918 // VULHUB: VHN-90232

AFFECTED PRODUCTS

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.1.1

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.1.2

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.1

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.1.3

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 6.0.0.1

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.0

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.0.2

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.1.4

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.1.5

Trust: 1.0

vendor: cisco // model: secure firewall management center // scope: eq // version: 5.4.1.6

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.0 through 6.0.0.1

Trust: 0.8

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.0

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.1.1

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.1.2

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.1.4

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.1.3

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.1

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.1.6

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 6.0.0.1

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.0.2

Trust: 0.6

vendor: cisco // model: firepower management center // scope: eq // version: 5.4.1.5

Trust: 0.6

sources: JVNDB: JVNDB-2016-002958 // CNNVD: CNNVD-201605-676 // NVD: CVE-2016-1413

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1413
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1413
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201605-676
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90232
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1413
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90232
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1413
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90232 // JVNDB: JVNDB-2016-002958 // CNNVD: CNNVD-201605-676 // NVD: CVE-2016-1413

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-90232 // JVNDB: JVNDB-2016-002958 // NVD: CVE-2016-1413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-676

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201605-676

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002958

PATCH

title: cisco-sa-20160527-fmc // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc

Trust: 0.8

title: Cisco FirePOWER Management Center Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61986

Trust: 0.6

sources: JVNDB: JVNDB-2016-002958 // CNNVD: CNNVD-201605-676

EXTERNAL IDS

db: NVD // id: CVE-2016-1413

Trust: 2.8

db: JVNDB // id: JVNDB-2016-002958

Trust: 0.8

db: CNNVD // id: CNNVD-201605-676

Trust: 0.7

db: BID // id: 90918

Trust: 0.4

db: VULHUB // id: VHN-90232

Trust: 0.1

sources: VULHUB: VHN-90232 // BID: 90918 // JVNDB: JVNDB-2016-002958 // CNNVD: CNNVD-201605-676 // NVD: CVE-2016-1413

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160527-fmc

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1413

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1413

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90232 // BID: 90918 // JVNDB: JVNDB-2016-002958 // CNNVD: CNNVD-201605-676 // NVD: CVE-2016-1413

CREDITS

Cisco

Trust: 0.3

sources: BID: 90918

SOURCES

db: VULHUB // id: VHN-90232
db: BID // id: 90918
db: JVNDB // id: JVNDB-2016-002958
db: CNNVD // id: CNNVD-201605-676
db: NVD // id: CVE-2016-1413

LAST UPDATE DATE

2024-11-27T22:55:00.573000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-90232 // date: 2016-05-31T00:00:00
db: BID // id: 90918 // date: 2016-05-27T00:00:00
db: JVNDB // id: JVNDB-2016-002958 // date: 2016-06-01T00:00:00
db: CNNVD // id: CNNVD-201605-676 // date: 2016-05-30T00:00:00
db: NVD // id: CVE-2016-1413 // date: 2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db: VULHUB // id: VHN-90232 // date: 2016-05-28T00:00:00
db: BID // id: 90918 // date: 2016-05-27T00:00:00
db: JVNDB // id: JVNDB-2016-002958 // date: 2016-06-01T00:00:00
db: CNNVD // id: CNNVD-201605-676 // date: 2016-05-30T00:00:00
db: NVD // id: CVE-2016-1413 // date: 2016-05-28T01:59:02.290