CVE-2016-6435

MEDIUM

Cisco Firepower Management Center 6.0.1 - Info Disclosure

Title source: llm

Description

The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.

Exploits (2)

exploitdb WRITEUP
by KoreLogic · text · webapps · cgi
https://www.exploit-db.com/exploits/40464
metasploit WORKING POC
by Matt, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/cisco_firepower_download.rb

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40464/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93421

Scores

CVSS v3 6.5
EPSS 0.5503
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
cisco/secure_firewall_management_center 6.0.1
Published Oct 06, 2016
Tracked Since Feb 18, 2026