Improper Authentication in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2019-16028

 


Published: January 24, 2020


Vulnerability identifier: #VU24526
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-16028
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. A remote attacker can send specially crafted HTTP requests and gain administrative access to the web-based management interface of the affected device.


How to mitigate CVE-2019-16028

Install updates from the vendor's website or apply the following patches:

  • Sourcefire_3D_Defense_Center_S3_Hotfix_ES-6.1.0.8-2.sh
  • Sourcefire_3D_Defense_Center_S3_Hotfix_DO-6.2.3.16-3.sh.REL.tar
  • Cisco_Firepower_Mgmt_Center_Hotfix_AI-6.3.0.6-2.sh.REL.tar
  • Cisco_Firepower_Mgmt_Center_Hotfix_U-6.4.0.7-2.sh.REL.tar (for releases 6.4.0.5 and later)
  • Cisco_Firepower_Mgmt_Center_Hotfix_T-6.4.0.5-1.sh.REL.tar (for releases 6.4.0.4 and earlier)
