What is the severity of CVE-2016-6433?

CVE-2016-6433 has a high severity rating due to the potential for arbitrary command execution by remote authenticated users.

How do I fix CVE-2016-6433?

To fix CVE-2016-6433, Cisco recommends upgrading to a patched version of the Cisco Firepower Management Center.

Which versions are affected by CVE-2016-6433?

CVE-2016-6433 affects Cisco Firepower Management Center versions 5.2.0 through 6.0.1.

What kind of vulnerability is CVE-2016-6433?

CVE-2016-6433 is a command injection vulnerability that allows attackers to execute arbitrary commands.

Who can exploit CVE-2016-6433?

CVE-2016-6433 can be exploited by remote authenticated users with access to the Threat Management Console.

Vulnerability/
CVE-2016-6433

critical

CWE

6/10/2016

26/11/2024

CVE-2016-6433: Input Validation

First published: Thu Oct 06 2016(Updated: )

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Secure Firewall Management Center	=5.2.0
Cisco Secure Firewall Management Center	=5.3.0
Cisco Secure Firewall Management Center	=5.3.0.2
Cisco Secure Firewall Management Center	=5.3.0.3
Cisco Secure Firewall Management Center	=5.3.0.4
Cisco Secure Firewall Management Center	=5.3.1
Cisco Secure Firewall Management Center	=5.3.1.3
Cisco Secure Firewall Management Center	=5.3.1.4
Cisco Secure Firewall Management Center	=5.3.1.5
Cisco Secure Firewall Management Center	=5.3.1.6
Cisco Secure Firewall Management Center	=5.4.0
Cisco Secure Firewall Management Center	=5.4.0.2
Cisco Secure Firewall Management Center	=5.4.1
Cisco Secure Firewall Management Center	=5.4.1.1
Cisco Secure Firewall Management Center	=5.4.1.2
Cisco Secure Firewall Management Center	=5.4.1.3
Cisco Secure Firewall Management Center	=5.4.1.4
Cisco Secure Firewall Management Center	=5.4.1.5
Cisco Secure Firewall Management Center	=5.4.1.6
Cisco Secure Firewall Management Center	=6.0.1
Cisco Firepower Management Center Software	=5.2.0
Cisco Firepower Management Center Software	=5.3.0
Cisco Firepower Management Center Software	=5.3.0.2
Cisco Firepower Management Center Software	=5.3.0.3
Cisco Firepower Management Center Software	=5.3.0.4
Cisco Firepower Management Center Software	=5.3.1
Cisco Firepower Management Center Software	=5.3.1.3
Cisco Firepower Management Center Software	=5.3.1.4
Cisco Firepower Management Center Software	=5.3.1.5
Cisco Firepower Management Center Software	=5.3.1.6
Cisco Firepower Management Center Software	=5.4.0
Cisco Firepower Management Center Software	=5.4.0.2
Cisco Firepower Management Center Software	=5.4.1
Cisco Firepower Management Center Software	=5.4.1.1
Cisco Firepower Management Center Software	=5.4.1.2
Cisco Firepower Management Center Software	=5.4.1.3
Cisco Firepower Management Center Software	=5.4.1.4
Cisco Firepower Management Center Software	=5.4.1.5
Cisco Firepower Management Center Software	=5.4.1.6
Cisco Firepower Management Center Software	=6.0.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6433?
CVE-2016-6433 has a high severity rating due to the potential for arbitrary command execution by remote authenticated users.
How do I fix CVE-2016-6433?
To fix CVE-2016-6433, Cisco recommends upgrading to a patched version of the Cisco Firepower Management Center.
Which versions are affected by CVE-2016-6433?
CVE-2016-6433 affects Cisco Firepower Management Center versions 5.2.0 through 6.0.1.
What kind of vulnerability is CVE-2016-6433?
CVE-2016-6433 is a command injection vulnerability that allows attackers to execute arbitrary commands.
Who can exploit CVE-2016-6433?
CVE-2016-6433 can be exploited by remote authenticated users with access to the Threat Management Console.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/event
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco secure firewall management center
version/cisco secure firewall management center/5.2.0
version/cisco secure firewall management center/5.3.0
version/cisco secure firewall management center/5.3.0.2
version/cisco secure firewall management center/5.3.0.3
version/cisco secure firewall management center/5.3.0.4
version/cisco secure firewall management center/5.3.1
version/cisco secure firewall management center/5.3.1.3
version/cisco secure firewall management center/5.3.1.4
version/cisco secure firewall management center/5.3.1.5
version/cisco secure firewall management center/5.3.1.6
version/cisco secure firewall management center/5.4.0
version/cisco secure firewall management center/5.4.0.2
version/cisco secure firewall management center/5.4.1
version/cisco secure firewall management center/5.4.1.1
version/cisco secure firewall management center/5.4.1.2
version/cisco secure firewall management center/5.4.1.3
version/cisco secure firewall management center/5.4.1.4
version/cisco secure firewall management center/5.4.1.5
version/cisco secure firewall management center/5.4.1.6
version/cisco secure firewall management center/6.0.1
canonical/cisco firepower management center software
version/cisco firepower management center software/5.2.0
version/cisco firepower management center software/5.3.0
version/cisco firepower management center software/5.3.0.2
version/cisco firepower management center software/5.3.0.3
version/cisco firepower management center software/5.3.0.4
version/cisco firepower management center software/5.3.1
version/cisco firepower management center software/5.3.1.3
version/cisco firepower management center software/5.3.1.4
version/cisco firepower management center software/5.3.1.5
version/cisco firepower management center software/5.3.1.6
version/cisco firepower management center software/5.4.0
version/cisco firepower management center software/5.4.0.2
version/cisco firepower management center software/5.4.1
version/cisco firepower management center software/5.4.1.1
version/cisco firepower management center software/5.4.1.2
version/cisco firepower management center software/5.4.1.3
version/cisco firepower management center software/5.4.1.4
version/cisco firepower management center software/5.4.1.5
version/cisco firepower management center software/5.4.1.6
version/cisco firepower management center software/6.0.1

CVE-2016-6433: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6433?

How do I fix CVE-2016-6433?

Which versions are affected by CVE-2016-6433?

What kind of vulnerability is CVE-2016-6433?

Who can exploit CVE-2016-6433?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-6433?

How do I fix CVE-2016-6433?

Which versions are affected by CVE-2016-6433?

What kind of vulnerability is CVE-2016-6433?

Who can exploit CVE-2016-6433?