ID

VAR-201608-0236


CVE

CVE-2016-1457


TITLE

Vulnerability in the web-based GUI of Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services that allows arbitrary command execution with root privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-004412

DESCRIPTION

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. The vendor has released this vulnerability as Bug ID CSCur25513. Remote authenticated users may execute arbitrary commands as root via crafted HTTP requests. An attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCur25513.

Trust: 2.07

sources: NVD: CVE-2016-1457 // JVNDB: JVNDB-2016-004412 // BID: 92509 // VULHUB: VHN-90276 // VULMON: CVE-2016-1457

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.1

Trust: 1.7

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.0.4

Trust: 1.7

vendor: cisco, model: firepower management center, scope: eq, version: 4.10.3.9

Trust: 1.7

vendor: cisco, model: firepower management center, scope: eq, version: 5.2.0

Trust: 1.4

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.0

Trust: 1.4

vendor: cisco, model: secure firewall management center, scope: eq, version: 4.10.3.9

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.3.0.4

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.3.1

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.2.0

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.0

Trust: 1.0

vendor: cisco, model: asa 5500-x series with firepower services, scope: eq, version: 4.10.3.9

Trust: 0.8

vendor: cisco, model: asa 5500-x series with firepower services, scope: eq, version: 5.2.0

Trust: 0.8

vendor: cisco, model: asa 5500-x series with firepower services, scope: eq, version: 5.3.0.4

Trust: 0.8

vendor: cisco, model: asa 5500-x series with firepower services, scope: eq, version: 5.3.1

Trust: 0.8

vendor: cisco, model: asa 5500-x series with firepower services, scope: eq, version: 5.4.0

Trust: 0.8

vendor: cisco, model: firepower management center, scope: eq, version: 5.4

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.2

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: eq, version: 5500-x5.4

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: eq, version: 5500-x5.3.1

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: eq, version: 5500-x5.2

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: eq, version: 5500-x5.3.0.4

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: eq, version: 5500-x4.10.3.9

Trust: 0.3

vendor: cisco, model: firepower management center, scope: ne, version: 6.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: ne, version: 5.4.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: ne, version: 5.4.0.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: ne, version: 5.3.1.2

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: ne, version: 5500-x6.0

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: ne, version: 5500-x5.4.1

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: ne, version: 5500-x5.4.0.1

Trust: 0.3

vendor: cisco, model: asa series with firepower service, scope: ne, version: 5500-x5.3.1.2

sources: BID: 92509 // JVNDB: JVNDB-2016-004412 // CNNVD: CNNVD-201608-335 // NVD: CVE-2016-1457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1457
value: HIGH

Trust: 1.0

NVD: CVE-2016-1457
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201608-335
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90276
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1457
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1457
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90276
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1457
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90276 // VULMON: CVE-2016-1457 // JVNDB: JVNDB-2016-004412 // CNNVD: CNNVD-201608-335 // NVD: CVE-2016-1457

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90276 // JVNDB: JVNDB-2016-004412 // NVD: CVE-2016-1457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-335

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201608-335

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004412

PATCH

title: cisco-sa-20160817-fmc, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc

Trust: 0.8

title: Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services Fixes for remote code execution vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63701

Trust: 0.6

title: Cisco: Cisco Firepower Management Center Remote Command Execution Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160817-fmc

Trust: 0.1

sources: VULMON: CVE-2016-1457 // JVNDB: JVNDB-2016-004412 // CNNVD: CNNVD-201608-335

EXTERNAL IDS

db: NVD, id: CVE-2016-1457

Trust: 2.9

db: BID, id: 92509

Trust: 2.1

db: SECTRACK, id: 1036642

Trust: 1.2

db: JVNDB, id: JVNDB-2016-004412

Trust: 0.8

db: CNNVD, id: CNNVD-201608-335

Trust: 0.7

db: VULHUB, id: VHN-90276

Trust: 0.1

db: VULMON, id: CVE-2016-1457

Trust: 0.1

sources: VULHUB: VHN-90276 // VULMON: CVE-2016-1457 // BID: 92509 // JVNDB: JVNDB-2016-004412 // CNNVD: CNNVD-201608-335 // NVD: CVE-2016-1457

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-fmc

Trust: 2.2

url:http://www.securityfocus.com/bid/92509

Trust: 1.8

url:http://www.securitytracker.com/id/1036642

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1457

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1457

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-90276 // VULMON: CVE-2016-1457 // BID: 92509 // JVNDB: JVNDB-2016-004412 // CNNVD: CNNVD-201608-335 // NVD: CVE-2016-1457

CREDITS

Cisco

Trust: 0.9

sources: BID: 92509 // CNNVD: CNNVD-201608-335

SOURCES

db: VULHUB, id: VHN-90276
db: VULMON, id: CVE-2016-1457
db: BID, id: 92509
db: JVNDB, id: JVNDB-2016-004412
db: CNNVD, id: CNNVD-201608-335
db: NVD, id: CVE-2016-1457

LAST UPDATE DATE

2024-11-27T23:04:12.877000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90276, date: 2017-08-16T00:00:00
db: VULMON, id: CVE-2016-1457, date: 2017-08-16T00:00:00
db: BID, id: 92509, date: 2016-08-17T00:00:00
db: JVNDB, id: JVNDB-2016-004412, date: 2016-08-22T00:00:00
db: CNNVD, id: CNNVD-201608-335, date: 2016-08-19T00:00:00
db: NVD, id: CVE-2016-1457, date: 2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90276, date: 2016-08-18T00:00:00
db: VULMON, id: CVE-2016-1457, date: 2016-08-18T00:00:00
db: BID, id: 92509, date: 2016-08-17T00:00:00
db: JVNDB, id: JVNDB-2016-004412, date: 2016-08-22T00:00:00
db: CNNVD, id: CNNVD-201608-335, date: 2016-08-18T00:00:00
db: NVD, id: CVE-2016-1457, date: 2016-08-18T19:59:01.410