CVE-2016-1458 — Vulnetix

CVE-2016-1458 PUBLISHED CVSS 8.800000190734863 HIGH

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.

EPSS 0.29% · 52.4th percentile

Risk Scores

CVSS 3.0

8.800000190734863

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.29%

52.4th percentile

Affected Products

Vendor	Product	Versions
Cisco	N/A
cisco	secure_firewall_management_center	5.4.0, 4.10.3, 5.2.0
Cisco	Unified Communications Manager
n/a	n/a	n/a
Cisco	IP Phone
Cisco	Identity Services Engine

Exploit Intelligence

92512 (circl)
20160817 Cisco Firepower Management Center Privilege Escalation Vulnerability (circl)

Timeline

Aug 17, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

92512 vdb
20160817 Cisco Firepower Management Center Privilege Escalation Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2016-1458 advisory

Open in Interactive Console →