CRITICAL✓ PATCH🇬🇧 English

CVE-2019-16028

CVSS 9.8v3.1pub. 2020-09-23upd. 2024-11-26

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Secure Firewall Management Center

    APP
    Cisco
    < 6.2.3.166.3.0 – 6.3.0.6 (bez)6.4.0 – 6.4.0.7 (bez)6.5.0 – 6.5.0.2 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2026-20131CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE przez insecure deserialization w Cisco Secure Firewall Management Center

CVE-2025-20265CRITICAL10.0PL ✓ten sam produkt

RCE przez RADIUS w Cisco Secure Firewall Management Center

CVE-2024-20424CRITICAL9.9PL ✓ten sam produkt

Command injection w Cisco Secure Firewall Management Center — RCE jako root

CVE-2023-20048CRITICAL9.9ten sam produkt

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow ...

CVE-2020-3318CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent So...