—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

Cisco Firepower Management Center Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20160817-firepower

Revision 1.0:

For Public Release: 2016 August 17 16:00 GMT

Summary
=======

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org

iQIcBAEBCgAGBQJXtHJ/AAoJEK89gD3EAJB5ve4QAK95Ceao/vCkUXcTrU74nbAa
/iU1pUxN7VdqXFHDTRth7tyQYTeykn9xKjbw46I3PjLkr6yQ90r2tUvb80No9HiQ
+PhTqYsI5xru4bJOvRRasOqYK7AqdJqlE/jx7MRPnY4RYcaAgXdX/+87MfEE2qqD
DnypfDFOfkFaOCXqgqpZPGk5lqljJ2lONih8stkEpDpNB/xUxESgtLHoxyurDiqA
9UYVir29xnQSWYVMwJDkx/ejjOGzj875efxsRiYyKSD8bauuBkqjXbc0vUWM4maL
549tnm8B15kkkslyDnrZreRYsQQilcRg7zNQF8HTMPNhOVad7PtTLydCv/ObHvnh
k9Qq2304f5iL/oi4xvJkFqcmJ9GojSUkdLZtWvSPEdQKSYvtUWGG1B8nva6v8dTP
yjD15d+Sp8J8WyW5sMVRLhdyWLugbWJ/IVgehrOv7POPca91NIByqJR74RU3pU8N
HZ5N4dscJouqx9WvBwuKoGags++3HWv9cDzgCaGn7iATu5LKJk6h4hB7I667dIdt
ZtfHxuDV8Zwx+xxHSEPvhap/EjnAUeCNna+q6/8VA2cPrdh1SW4tDyVMYakHLZlp
jD8qgfaNysYnidJIP855xD6asY+sFFgHYJLUg3FeEmB0utnxOazQDP9x+owNAquj
1ZrlfLwWvg5YcUdn8uOI
=TMYb
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

Cisco Firepower Management Center Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160817-fmc

Revision 1.0

For Public Release: 2016 August 17 16:00 GMT

Summary
=======

+———————————————————————

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device.

The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org

iQIcBAEBCgAGBQJXtGo1AAoJEK89gD3EAJB5v5EQAJ8zglRCRCJGkG3rhOCRX4DX
drtIbjxvnY+eDZqwuv8UtWIx/vMbjbn5/U4Ns8igngPQUbjhDLYIf5gFNqOVd3tn
VagiZDXE3gWXUXMYrWv/vDlWDqvQUvsQAxKmeC1LzlVolJE3i9xx1UDcpHUhLxs3
fRuiIiom6fJvjM6T8F0zTl/ycvpBRt9yaPM51caq3CmsoiCyM5R0pyucuN/qckBi
D4R59eAytNh2ItvdfK4uDQ6oYanfv2+19oX1QuALExgKcKyEC69fM+/3O82hjoj4
0o9W1fj3UzjrB4PS7fiDlxrT5uEq+l/Cxu+i30u4qNMivIAL+FT+36KfOb0+qx5W
0qNJ5pZGIEGOATkKwJznmHCI4D7QKPiAJ5NPvmgHk0BD2vM9xpKKR6a2vWDdFnxr
Qg+rwXSLfmHX52AIhc5CaeaGZ9y1Fuc6oqctG7pfqZ78fTCMXDQjhk59NwHXJekb
1JalIiwdSXGE6Ey0tLO+mi3y1oJmGC7z7jL8xa4nTGF5Tzuopzkzv/Ky9pICf370
V1Xs04QQCZvYKZjho5xTroVGJ25COBq2b0dVdBYlndPhsrRdLKWjKboyQyHHcRUi
brCk9Rdb7kA5dN4r7tMBQRQ9cJ8mWpGm6cNy3zZAmzNGnCTIKqW2+DtLqq0ZPwZ6
RQ/+6TyyUZy/r4h+FGx6
=Zyh5
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com