VYPR
Medium severity 5.4 · NVD Advisory · Published Sep 12, 2016 · Updated May 6, 2026

CVE-2016-6395


Description

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco Firepower Management Center and FireSIGHT System Software before 6.1 contain a stored XSS vulnerability via a crafted URL, allowing authenticated attackers to execute arbitrary script in the management interface.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in the web-based management interface of Cisco Firepower Management Center releases prior to 6.1 and Cisco FireSIGHT System Software releases prior to 6.1. The vulnerability is due to insufficient validation of user-supplied input, allowing malicious script or HTML to be injected via a crafted URL [1].

Exploitation

An authenticated, remote attacker can exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. The crafted URL must be delivered to a user who has valid credentials and is logged into the interface. The attacker does not require any special privileges beyond basic authentication [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script code in the context of the management interface or access sensitive browser-based information of the victim user. This could lead to session hijacking, credential theft, or other client-side attacks within the affected management console [1].

Mitigation

Cisco has released software updates addressing this vulnerability. Users should upgrade to Cisco Firepower Management Center release 6.1 or later, or Cisco FireSIGHT System Software release 6.1 or later. No workarounds are available [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2


References

3
