Cisco Firepower Management Center Remote Command Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device.The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2aZoFOz
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device.The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2aZoFOz
Security Impact Rating: Critical
CVE: CVE-2016-1457
from Cisco Security Advisory http://ift.tt/2aZoFOz