ID de Prueba:	1.3.6.1.4.1.25623.1.0.106335
Categoría:	CISCO
Título:	Cisco Firepower Management Center Console Local File Inclusion Vulnerability
Resumen:	A vulnerability in the web console of Cisco Firepower Management Center; could allow an authenticated, remote attacker to access sensitive information.
Descripción:	Summary: A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. Vulnerability Insight: The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allow an authenticated console user to access files that are readable by the www user on the server. Vulnerability Impact: An attacker who has user privileges for the web console could leverage this vulnerability to read some of the files on the underlying operating system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6435 BugTraq ID: 93421 http://www.securityfocus.com/bid/93421 Cisco Security Advisory: 20161005 Cisco Firepower Management Center Console Local File Inclusion Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2 https://www.exploit-db.com/exploits/40464/ https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.