Sign-up

ID

VAR-201610-0270


CVE

CVE-2016-6419


TITLE

Cisco FirePOWER Management Center In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-005108

DESCRIPTION

SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCur25485

Trust: 2.07

sources: NVD: CVE-2016-6419 // JVNDB: JVNDB-2016-005108 // BID: 93206 // VULHUB: VHN-95239 // VULMON: CVE-2016-6419

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:4.10.3

Trust: 1.4

vendor:ciscomodel:firepower management centerscope:eqversion:5.2.0

Trust: 1.4

vendor:ciscomodel:firepower management centerscope:eqversion:5.3.0

Trust: 1.4

vendor:ciscomodel:firepower management centerscope:eqversion:5.3.1

Trust: 1.4

vendor:ciscomodel:firepower management centerscope:eqversion:5.4.0

Trust: 1.4

vendor:ciscomodel:secure firewall management centerscope:eqversion:4.10.3

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:5.3.0

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:5.3.1

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:5.2.0

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:5.4.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:0

Trust: 0.3

sources: BID: 93206 // JVNDB: JVNDB-2016-005108 // CNNVD: CNNVD-201609-633 // NVD: CVE-2016-6419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6419
value: HIGH

Trust: 1.0

NVD: CVE-2016-6419
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201609-633
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95239
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-6419
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6419
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-95239
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6419
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95239 // VULMON: CVE-2016-6419 // JVNDB: JVNDB-2016-005108 // CNNVD: CNNVD-201609-633 // NVD: CVE-2016-6419

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-95239 // JVNDB: JVNDB-2016-005108 // NVD: CVE-2016-6419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-633

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201609-633

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005108

PATCH
title:cisco-sa-20160928-fpmcurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc
Trust: 0.8
title:Cisco Firepower Management Center SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64406
Trust: 0.6
title:Cisco: Cisco Firepower Management Center SQL Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160928-fpmc
Trust: 0.1
title:Threatposturl:https://threatpost.com/cisco-warns-of-critical-flaw-in-email-security-appliances/120968/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-6419 // 
            
            
            
            JVNDB: JVNDB-2016-005108 // 
            
            
            
            CNNVD: CNNVD-201609-633

EXTERNAL IDS
db:NVDid:CVE-2016-6419
Trust: 2.9
db:BIDid:93206
Trust: 2.1
db:JVNDBid:JVNDB-2016-005108
Trust: 0.8
db:CNNVDid:CNNVD-201609-633
Trust: 0.7
db:NSFOCUSid:34989
Trust: 0.6
db:VULHUBid:VHN-95239
Trust: 0.1
db:VULMONid:CVE-2016-6419
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95239 // 
            
            
            
            VULMON: CVE-2016-6419 // 
            
            
            
            BID: 93206 // 
            
            
            
            JVNDB: JVNDB-2016-005108 // 
            
            
            
            CNNVD: CNNVD-201609-633 // 
            
            
            
            NVD: CVE-2016-6419

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-fpmc
Trust: 2.2
url:http://www.securityfocus.com/bid/93206
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6419
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6419
Trust: 0.8
url:http://www.nsfocus.net/vulndb/34989
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/89.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/cisco-warns-of-critical-flaw-in-email-security-appliances/120968/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95239 // 
            
            
            
            VULMON: CVE-2016-6419 // 
            
            
            
            BID: 93206 // 
            
            
            
            JVNDB: JVNDB-2016-005108 // 
            
            
            
            CNNVD: CNNVD-201609-633 // 
            
            
            
            NVD: CVE-2016-6419

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 93206 // 
            
            
            
            CNNVD: CNNVD-201609-633

SOURCES
db:VULHUBid:VHN-95239
db:VULMONid:CVE-2016-6419
db:BIDid:93206
db:JVNDBid:JVNDB-2016-005108
db:CNNVDid:CNNVD-201609-633
db:NVDid:CVE-2016-6419

LAST UPDATE DATE
2024-11-27T23:01:10.059000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95239date:2016-11-28T00:00:00
db:VULMONid:CVE-2016-6419date:2016-11-28T00:00:00
db:BIDid:93206date:2016-10-03T06:00:00
db:JVNDBid:JVNDB-2016-005108date:2016-10-06T00:00:00
db:CNNVDid:CNNVD-201609-633date:2016-10-08T00:00:00
db:NVDid:CVE-2016-6419date:2024-11-26T16:09:02.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-95239date:2016-10-05T00:00:00
db:VULMONid:CVE-2016-6419date:2016-10-05T00:00:00
db:BIDid:93206date:2016-09-28T00:00:00
db:JVNDBid:JVNDB-2016-005108date:2016-10-06T00:00:00
db:CNNVDid:CNNVD-201609-633date:2016-09-29T00:00:00
db:NVDid:CVE-2016-6419date:2016-10-05T10:59:19.393