Vulnslist

find the latest Cisco vulnerabilities

Cisco Firepower Management Center Information Disclosure Vulnerability

cisco-sa-20161207-vdc · Medium · Published · Updated

A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. The vulnerability is due to improper masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration screens. An exploit could allow the attacker to view the Remote Storage Password. The attacker could use the Remote Storage Password to conduct additional reconnaissance attacks. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2016-6471
Cisco Bug IDs: CSCvb19366
CVSS Score: Base 4.0
Base 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source: Cisco Firepower System Software, Cisco Firepower Management Center

Related Products

Product | CVE | Evidence
Cisco Firepower System Software | CVE-2016-6471 | Cisco OpenVuln
Cisco Firepower Management Center | CVE-2016-6471 | Cisco OpenVuln