Privilege Escalation via Crafted HTTP Requests in Cisco Firepower Management Center and Cisco Adaptive Security Appliance Software

Privilege Escalation via Crafted HTTP Requests in Cisco Firepower Management Center and Cisco Adaptive Security Appliance Software

CVE-2016-1458 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.

Learn more about our Cis Benchmark Audit For Cisco.