CVE-2016-6435

This Metasploit module exploits a directory traversal vulnerability (CVE-2016-6435) in Cisco Firepower Management Console 6.0, allowing authenticated users to download arbitrary files from the system. It authenticates with provided credentials, then uses a crafted request to traverse directories and retrieve files.

This advisory describes a local file inclusion vulnerability in Cisco Firepower Threat Management Console, allowing authenticated users to read arbitrary files via path traversal in the 'files' parameter. The PoC demonstrates accessing '/etc/passwd' through a crafted HTTP request.