Vulnerability Details CVE-2016-6435
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.55
EPSS Ranking 97.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
- http://www.securityfocus.com/bid/93421
- https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
- https://www.exploit-db.com/exploits/40464/
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
- http://www.securityfocus.com/bid/93421
- https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
- https://www.exploit-db.com/exploits/40464/
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt
Products affected by CVE-2016-6435
-
cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1