| Vulnerability Name: | CVE-2016-1458 (CCN-116107) | ||||||||||||
| Assigned: | 2016-08-17 | ||||||||||||
| Published: | 2016-08-17 | ||||||||||||
| Updated: | 2016-11-28 | ||||||||||||
| Summary: | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-1458 Source: CISCO Type: Vendor Advisory 20160817 Cisco Firepower Management Center Privilege Escalation Vulnerability Source: BID Type: UNKNOWN 92512 Source: CCN Type: BID-92512 Cisco Firepower Management Center CVE-2016-1458 Privilege Escalation Vulnerability Source: XF Type: UNKNOWN cisco-firepower-cve20161458-priv-esc(116107) Source: CCN Type: Cisco Security Advisory cisco-sa-20160817-firepower Cisco Firepower Management Center Privilege Escalation Vulnerability | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||