CVE-2016-6434
HIGHCisco Firepower Management Center 6.0.1 - Info Disclosure
Title source: llmDescription
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
Exploits (1)
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
Various Sources x_refsource_misc
https://www.korelogic.com/Resources/Advisories/KL-001-2016-005.txt
Various Sources x_refsource_misc
https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93412
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/40465/
Scores
CVSS v3
7.8
EPSS
0.0039
EPSS Percentile
59.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
cisco/secure_firewall_management_center
6.0.1
Published
Oct 06, 2016
Tracked Since
Feb 18, 2026