Vulnerability Details CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
- http://www.securityfocus.com/bid/93412
- https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
- https://www.exploit-db.com/exploits/40465/
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
- http://www.securityfocus.com/bid/93412
- https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
- https://www.exploit-db.com/exploits/40465/
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
Products affected by CVE-2016-6434
-
cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1