A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, local malicious user to bypass authentication and access sensitive information. The vulnerability is due to the use of static credentials by the database on an affected system. An authenticated user who can access the command-line interface (CLI) for an affected system may be able to leverage this vulnerability to access information in the database directly from a local shell. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco firepower management center 6.0.1 |