Test ID:	1.3.6.1.4.1.25623.1.0.106335
Category:	CISCO
Title:	Cisco Firepower Management Center Console Local File Inclusion Vulnerability
Summary:	A vulnerability in the web console of Cisco Firepower Management Center; could allow an authenticated, remote attacker to access sensitive information.
Description:	Summary: A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. Vulnerability Insight: The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allow an authenticated console user to access files that are readable by the www user on the server. Vulnerability Impact: An attacker who has user privileges for the web console could leverage this vulnerability to read some of the files on the underlying operating system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6435 BugTraq ID: 93421 http://www.securityfocus.com/bid/93421 Cisco Security Advisory: 20161005 Cisco Firepower Management Center Console Local File Inclusion Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2 https://www.exploit-db.com/exploits/40464/ https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.