SQL injection in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2016-6419
Published: September 28, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU804
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6419
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Detailed vulnerability description
The vulnerability allows a remote authenticated user to perform SQL injection on the target system.
The weakness is caused by insufficient input validation. Attackers can send a specially crafted SQL request that causes modification of the SQL database used by the Firepower Management Center.
Successful exploiatation of the vulnerability results in SQL injection on the vulnerable system.
The weakness is caused by insufficient input validation. Attackers can send a specially crafted SQL request that causes modification of the SQL database used by the Firepower Management Center.
Successful exploiatation of the vulnerability results in SQL injection on the vulnerable system.
How to mitigate CVE-2016-6419
Update to version 5.3.0.3;
Update to version 5.3.1.2;
Update to version 5.4.0.1;
Update to version 5.4.1;
Update to version 6.0.0.
Update to version 5.3.1.2;
Update to version 5.4.0.1;
Update to version 5.4.1;
Update to version 6.0.0.