Test ID:	1.3.6.1.4.1.25623.1.0.106301
Category:	CISCO
Title:	Cisco Firepower Management Center Software Cross-Site Request Forgery Vulnerability
Summary:	A cross-site request forgery (CSRF) vulnerability for Cisco Firepower; Management Center Software could allow an unauthenticated, remote attacker to execute unwanted actions.
Description:	Summary: A cross-site request forgery (CSRF) vulnerability for Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to execute unwanted actions. Vulnerability Insight: The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. Vulnerability Impact: A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6417 BugTraq ID: 93199 http://www.securityfocus.com/bid/93199 Cisco Security Advisory: 20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc http://www.securitytracker.com/id/1036918
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.