Test ID:	1.3.6.1.4.1.25623.1.0.106333
Category:	CISCO
Title:	Cisco Firepower Threat Management Console Remote Command Execution Vulnerability
Summary:	A vulnerability in Cisco Firepower Threat Management Console could allow an; authenticated, remote attacker to execute arbitrary commands on a targeted system.
Description:	Summary: A vulnerability in Cisco Firepower Threat Management Console could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system. Vulnerability Insight: The vulnerability exists because parameters sent to the web application are not properly validated. This may lead an authenticated web user to run arbitrary system commands as the www user account on the server. Vulnerability Impact: An attacker with user privileges on the web application may be able to leverage this vulnerability to gain access to the underlying operating system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6433 BugTraq ID: 93414 http://www.securityfocus.com/bid/93414 Cisco Security Advisory: 20161005 Cisco Firepower Threat Management Console Remote Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc https://www.exploit-db.com/exploits/40463/ https://www.exploit-db.com/exploits/41041/ http://packetstormsecurity.com/files/140467/Cisco-Firepower-Management-Console-6.0-Post-Authentication-UserAdd.html https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-007.txt
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.