Arbitrary Command Execution - CVE-2016-6433


Published: October 5, 2016 / Updated: October 7, 2016


Vulnerability identifier: #VU784
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2016-6433
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary commands on the target system.
The weakness exists due to insufficient input validation. By sending specially crafted parameters to the web application, an authenticated attacker can access the affected system and execute arbitrary commands.
Successful exploitation of the vulnerability results in arbitrary command execution on the vulnerable system.


How to mitigate CVE-2016-6433

The vendor has issued a fix, available at
https://sso.cisco.com/autho/forms/CDClogin.html

Sources