VIR Vulnerability Intelligence Relay

CVE-2016-1458

high
Published 2016-08-18 · Modified 2026-05-06
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
9.0
VIR risk
8.8

Description

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower

Application impact
VendorProductVersionsFixed
cisco ciscosecure_firewall_management_center4.10.3
cisco ciscosecure_firewall_management_center5.2.0
cisco ciscosecure_firewall_management_center5.3.0
cisco ciscosecure_firewall_management_center5.3.1
cisco ciscosecure_firewall_management_center5.4.0

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.