CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
98.4%
A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information.
The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allow an authenticated console user to access files that are readable by the www user on the server. An attacker who has user privileges for the web console could leverage this vulnerability to read some of the files on the underlying operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | firepower_management_center | 6.0 | cpe:2.3:a:cisco:firepower_management_center:6.0:*:*:*:*:*:*:* |
cisco | firepower_management_center | 6.0.1 | cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
98.4%