Message-id: <201608171203.6.fmc@psirt.cisco.com>
Date: Wed, 17 Aug 2016 12:03:50 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Firepower Management Center Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160817-fmc

Revision 1.0

For Public Release: 2016 August 17 16:00  GMT

Summary
=======

+---------------------------------------------------------------------

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device.

The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
