SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Firewall)  >   Cisco ASA Vendors:   Cisco
Cisco ASA 5500-X Series with FirePOWER Services Access Control Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System
SecurityTracker Alert ID:  1036642
SecurityTracker URL:  http://securitytracker.com/id/1036642
CVE Reference:   CVE-2016-1457   (Links to External Site)
Date:  Aug 17 2016
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5500-X Series with FirePOWER Services; 4.10.3.9, 5.2.0, 5.3.0.4, 5.3.1, 5.4.0
Description:   A vulnerability was reported in Cisco ASA 5500-X Series with FirePOWER Services. A remote authenticated user can execute arbitrary commands on the target system.

A remote authenticated user can send specially crafted HTTP requests to the web interface to trigger an access control flaw and execute arbitrary commands on the target system with root privileges.

The vendor has assigned bug ID CSCur25513 to this vulnerability.

Impact:   A remote authenticated user can execute arbitrary commands on the target system with root privileges.
Solution:   The vendor has issued a fix (5.3.1.2, 5.4.0.1, 5.4.1, 6.0.0).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC