CVE-2016-1457
First published: Thu Aug 18 2016(Updated: )
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Firewall Management Center | =4.10.3.9 | |
| Cisco Secure Firewall Management Center | =5.2.0 | |
| Cisco Secure Firewall Management Center | =5.3.0.4 | |
| Cisco Secure Firewall Management Center | =5.3.1 | |
| Cisco Secure Firewall Management Center | =5.4.0 | |
| Cisco Firepower Management Center Software | =4.10.3.9 | |
| Cisco Firepower Management Center Software | =5.2.0 | |
| Cisco Firepower Management Center Software | =5.3.0.4 | |
| Cisco Firepower Management Center Software | =5.3.1 | |
| Cisco Firepower Management Center Software | =5.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1457?
CVE-2016-1457 has been rated as a medium severity vulnerability.
How do I fix CVE-2016-1457?
To fix CVE-2016-1457, upgrade your Cisco Firepower Management Center or Cisco ASA software to the recommended versions that address the vulnerability.
Who is affected by CVE-2016-1457?
CVE-2016-1457 affects remote authenticated users of Cisco Firepower Management Center versions prior to 5.3.1.2 and 5.4.x before 5.4.0.1.
What are the potential impacts of CVE-2016-1457?
Exploitation of CVE-2016-1457 could allow authenticated attackers to execute arbitrary commands on the affected system.
Are there any workarounds for CVE-2016-1457?
There are no specific workarounds for CVE-2016-1457 other than applying the available software updates.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco secure firewall management center
- version/cisco secure firewall management center/4.10.3.9
- version/cisco secure firewall management center/5.2.0
- version/cisco secure firewall management center/5.3.0.4
- version/cisco secure firewall management center/5.3.1
- version/cisco secure firewall management center/5.4.0
- canonical/cisco firepower management center software
- version/cisco firepower management center software/4.10.3.9
- version/cisco firepower management center software/5.2.0
- version/cisco firepower management center software/5.3.0.4
- version/cisco firepower management center software/5.3.1
- version/cisco firepower management center software/5.4.0