|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-11-29 | |
| Rule Name: | Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal Vulnerability (CVE-2016-6435) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Network Device | |
| Reference: | SecurityFocusBID:93421 ExploitDB:40464 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2 |