var-201608-0236
Vulnerability from variot
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. Vendors have confirmed this vulnerability Bug ID CSCur25513 It is released as.Crafted by remotely authenticated users HTTP Any command via request root May be executed as. An attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCur25513
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0236",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "5.3.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "5.3.0.4"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "4.10.3.9"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "5.2.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.3.9"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.0.4"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.1"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.10.3.9"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2.0"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.3.0.4"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.3.1"
},
{
"model": "asa 5500-x series with firepower services",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.4"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.3.1"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.2"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.3.0.4"
},
{
"model": "asa series with firepower service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x4.10.3.9"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.1"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.1.2"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x6.0"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.4.1"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.4.0.1"
},
{
"model": "asa series with firepower service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x5.3.1.2"
}
],
"sources": [
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asa_5500-x_with_firepower_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "92509"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-1457",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-90276",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1457",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1457",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1457",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-335",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90276",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1457",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. Vendors have confirmed this vulnerability Bug ID CSCur25513 It is released as.Crafted by remotely authenticated users HTTP Any command via request root May be executed as. \nAn attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. \nThis issue being tracked by Cisco Bug ID CSCur25513",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1457",
"trust": 2.9
},
{
"db": "BID",
"id": "92509",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036642",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90276",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1457",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"id": "VAR-201608-0236",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T23:04:12.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160817-fmc",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc"
},
{
"title": "Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services Fixes for remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63701"
},
{
"title": "Cisco: Cisco Firepower Management Center Remote Command Execution Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160817-fmc"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-fmc"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/92509"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036642"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1457"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1457"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90276"
},
{
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"db": "BID",
"id": "92509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
},
{
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-90276"
},
{
"date": "2016-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"date": "2016-08-17T00:00:00",
"db": "BID",
"id": "92509"
},
{
"date": "2016-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"date": "2016-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-335"
},
{
"date": "2016-08-18T19:59:01.410000",
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-90276"
},
{
"date": "2017-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1457"
},
{
"date": "2016-08-17T00:00:00",
"db": "BID",
"id": "92509"
},
{
"date": "2016-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004412"
},
{
"date": "2016-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-335"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2016-1457"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services of Web base GUI In root Vulnerability to execute arbitrary commands with privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-335"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.