What is CVE-2016-1413?

CVE-2016-1413 is a medium-severity vulnerability in Cisco Secure_firewall_management_center, classified under Code Injection. CVSS score: 6.5/10. Published 2016-05-28.

How severe is CVE-2016-1413?

Medium severity. CVSS v3 base score is 6.5 out of 10.

RCE in Cisco Secure_firewall_management_center

CVE-2016-1413

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.003 (52.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Cisco Secure_firewall_management_center — versions 5.4.0, 5.4.0.2, 5.4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

20160527 Cisco Firepower Management Center Web Interface Code Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2016-1413?: CVE-2016-1413 is a medium-severity vulnerability in Cisco Secure_firewall_management_center, classified under Code Injection. CVSS score: 6.5/10. Published 2016-05-28.
How severe is CVE-2016-1413?: Medium severity. CVSS v3 base score is 6.5 out of 10.