CVE-2016-6365: XSS
First published: Tue Aug 23 2016(Updated: )
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Firewall Management Center | =4.10.3 | |
| Cisco Secure Firewall Management Center | =5.2.0 | |
| Cisco Secure Firewall Management Center | =5.3.0 | |
| Cisco Secure Firewall Management Center | =5.3.0.2 | |
| Cisco Secure Firewall Management Center | =5.3.1 | |
| Cisco Secure Firewall Management Center | =5.4.0 | |
| Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software | =4.10.3 | |
| Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software | =5.2.0 | |
| Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software | =5.3.0 | |
| Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software | =5.3.0.2 | |
| Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software | =5.3.1 | |
| Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software | =5.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6365?
CVE-2016-6365 is classified as a high-severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2016-6365?
To fix CVE-2016-6365, update the Cisco Firepower Management Center to a version that is not vulnerable.
What versions of Cisco Firepower Management Center are affected by CVE-2016-6365?
CVE-2016-6365 affects Cisco Firepower Management Center versions 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0.
Can CVE-2016-6365 be exploited remotely?
Yes, CVE-2016-6365 allows remote attackers to inject arbitrary web scripts or HTML.
What are the potential impacts of CVE-2016-6365?
The impacts of CVE-2016-6365 can include data theft, session hijacking, and other malicious actions through XSS.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco secure firewall management center
- version/cisco secure firewall management center/4.10.3
- version/cisco secure firewall management center/5.2.0
- version/cisco secure firewall management center/5.3.0
- version/cisco secure firewall management center/5.3.0.2
- version/cisco secure firewall management center/5.3.1
- version/cisco secure firewall management center/5.4.0
- canonical/cisco firepower management center (fmc) and firepower threat defense (ftd) software
- version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/4.10.3
- version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/5.2.0
- version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/5.3.0
- version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/5.3.0.2
- version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/5.3.1
- version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/5.4.0