Test ID:	1.3.6.1.4.1.25623.1.0.106302
Category:	CISCO
Title:	Cisco FireSIGHT System Software Privilege Escalation Vulnerability
Summary:	A vulnerability in the web framework of the Cisco Firepower Management Center;running on Cisco FireSIGHT System Software could allow authenticated, remote attackers to elevate privileges;to access data outside their roles.
Description:	Summary: A vulnerability in the web framework of the Cisco Firepower Management Center running on Cisco FireSIGHT System Software could allow authenticated, remote attackers to elevate privileges to access data outside their roles. Vulnerability Insight: The vulnerability is due to improper authorization checks for authenticated users of the system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected web page. Vulnerability Impact: Successful exploitation could allow attackers to access sensitive information for which they are not authorized by the Firepower Management Center. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6420 BugTraq ID: 93204 http://www.securityfocus.com/bid/93204 Cisco Security Advisory: 20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1 http://www.securitytracker.com/id/1036919
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.