CVE-2016-1458

Published: Aug 18, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.

Affected (5)

Products: Cisco: Secure Firewall Management Center

Cisco

1 product

Secure Firewall Management Center

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Firewall Management Center	Version 4.10.3
Cisco Secure Firewall Management Center	Version 5.2.0
Cisco Secure Firewall Management Center	Version 5.3.0
Cisco Secure Firewall Management Center	Version 5.3.1
Cisco Secure Firewall Management Center	Version 5.4.0

Related CWEs

CWE-264

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92512

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92512

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.