|
|||
Rule General Information |
---|
Release Date: | 2019-11-29 | |
Rule Name: | Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal Vulnerability (CVE-2016-6435) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |
Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
Affected OS: | Network Device | |
Reference: | SecurityFocusBID:93421 ExploitDB:40464 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2 https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking |
|
Solutions |
---|
Refer to the announcement or patch by the vendor: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2 |