CVE-2016-6435

MEDIUM

Cisco Firepower Management Center 6.0.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-6435. PoCs published by KoreLogic, Matt, sinn3r, including Metasploit module auxiliary/scanner/http/cisco_firepower_download.

AI-analyzed exploit summary: This advisory describes a local file inclusion vulnerability in Cisco Firepower Threat Management Console, allowing authenticated users to read arbitrary files via path traversal in the 'files' parameter. The PoC demonstrates accessing '/etc/passwd' through a crafted HTTP request.

Description

The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.

Exploits (2)

exploitdb WRITEUP
by KoreLogic · text · webapps · cgi
https://www.exploit-db.com/exploits/40464

This advisory describes a local file inclusion vulnerability in Cisco Firepower Threat Management Console, allowing authenticated users to read arbitrary files via path traversal in the 'files' parameter. The PoC demonstrates accessing '/etc/passwd' through a crafted HTTP request.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Cisco Firepower Threat Management Console (Cisco Fire Linux OS 6.0.1 build 37/build 1213)
Auth required
Prerequisites: Authenticated access to the Cisco Firepower Threat Management Console
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by Matt, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/cisco_firepower_download.rb

This Metasploit module exploits a directory traversal vulnerability (CVE-2016-6435) in Cisco Firepower Management Console 6.0, allowing authenticated users to download arbitrary files from the system. It authenticates with provided credentials, then uses a crafted request to traverse directories and retrieve files.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Cisco Firepower Management Console 6.0
Auth required
Prerequisites: Valid credentials for the Cisco Firepower Management Console · Network access to the target system
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40464/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93421

Scores

CVSS v3: 6.5
EPSS: 0.3662
EPSS Percentile: 98.3%
Attack Vector: NETWORK
Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (1): cisco/secure_firewall_management_center 6.0.1
Published: Oct 06, 2016
Tracked Since: Feb 18, 2026