VAR-201608-0236
Vulnerability from variot - Updated: 2023-12-18 13:09The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. Vendors have confirmed this vulnerability Bug ID CSCur25513 It is released as.Crafted by remotely authenticated users HTTP Any command via request root May be executed as. An attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCur25513
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0236",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "5.3.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "5.3.0.4"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "4.10.3.9"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "5.2.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.10.3.9"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2.0"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.3.0.4"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.3.1"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.4"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.3.1"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.2"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.3.0.4"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x4.10.3.9"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.1"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.1.2"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x6.0"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.4.1"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.4.0.1"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.3.1.2"
}
],
"sources": [
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:4.10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "92509"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1457",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-90276",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1457",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1457",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-335",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90276",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1457",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. Vendors have confirmed this vulnerability Bug ID CSCur25513 It is released as.Crafted by remotely authenticated users HTTP Any command via request root May be executed as. \nAn attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. \nThis issue being tracked by Cisco Bug ID CSCur25513",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1457",
"trust": 2.9
},
{
"db": "BID",
"id": "92509",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036642",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90276",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1457",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"id": "VAR-201608-0236",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:09:02.630000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160817-fmc",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-fmc"
},
{
"title": "Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services Fixes for remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63701"
},
{
"title": "Cisco: Cisco Firepower Management Center Remote Command Execution Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160817-fmc"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-fmc"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/92509"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036642"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1457"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1457"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-90276"
},
{
"date": "2016-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"date": "2016-08-17T00:00:00",
"db": "BID",
"id": "92509"
},
{
"date": "2016-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"date": "2016-08-18T19:59:01.410000",
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"date": "2016-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-90276"
},
{
"date": "2017-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"date": "2016-08-17T00:00:00",
"db": "BID",
"id": "92509"
},
{
"date": "2016-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"date": "2017-08-16T01:29:05.507000",
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"date": "2016-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services of Web base GUI In root Vulnerability to execute arbitrary commands with privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…