Information disclosure in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2017-6673

 


Published: June 8, 2017


Vulnerability identifier: #VU6988
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6673
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software: Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The weakness exists in the Cisco Firepower Management Center logging function due to verbose output in HTTP log files. A remote authenticated attacker can retrieve the log files from an affected system and use the information to perform reconnaissance and conduct further attacks.

Successful exploitation of the vulnerability results in information disclosure.

How to mitigate CVE-2017-6673

Update to version 6.2.0.
