CVE-2016-1458
Last modified
CVE-2016-1458 is a vulnerability of currently unknown severity. The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.. EPSS estimates a 2.40% chance of exploitation in the next 30 days.
Description
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Firewall Management Center | 4.10.3 |
| Cisco | Secure Firewall Management Center | 5.2.0 |
| Cisco | Secure Firewall Management Center | 5.3.0 |
| Cisco | Secure Firewall Management Center | 5.3.1 |
| Cisco | Secure Firewall Management Center | 5.4.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-1458?
How severe is CVE-2016-1458?
How do I fix CVE-2016-1458?
Are you affected by CVE-2016-1458?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST