CVE-2016-6433

This Metasploit module exploits CVE-2016-6433, a post-authentication vulnerability in Cisco Firepower Management Console 6.0.1, allowing the creation of a backdoor SSH account via improper useradd binary execution. It authenticates, creates a malicious user, and leverages SSH for command execution.

This exploit demonstrates an authenticated remote command execution vulnerability in Cisco Firepower Threat Management Console. It leverages an unrestricted file upload to execute arbitrary commands as the www user, which can then escalate to root via sudo privileges.

This Metasploit module exploits a post-authentication vulnerability in Cisco Firepower Management Console 6.0.1 to create a backdoor SSH account via the useradd binary. It leverages a configuration flaw allowing the www user to execute arbitrary commands.