CVE-2016-6433

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.

Published: Oct 6, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-6433
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / secure_firewall_management_center	5.2.0	5.2.0.x
cisco / secure_firewall_management_center	5.3.0	5.3.0.x
cisco / secure_firewall_management_center	5.3.0.2	5.3.0.2.x
cisco / secure_firewall_management_center	5.3.0.3	5.3.0.3.x
cisco / secure_firewall_management_center	5.3.0.4	5.3.0.4.x
cisco / secure_firewall_management_center	5.3.1	5.3.1.x
cisco / secure_firewall_management_center	5.3.1.3	5.3.1.3.x
cisco / secure_firewall_management_center	5.3.1.4	5.3.1.4.x
cisco / secure_firewall_management_center	5.3.1.5	5.3.1.5.x
cisco / secure_firewall_management_center	5.3.1.6	5.3.1.6.x
cisco / secure_firewall_management_center	5.4.0	5.4.0.x
cisco / secure_firewall_management_center	5.4.0.2	5.4.0.2.x
cisco / secure_firewall_management_center	5.4.1	5.4.1.x
cisco / secure_firewall_management_center	5.4.1.1	5.4.1.1.x
cisco / secure_firewall_management_center	5.4.1.2	5.4.1.2.x
cisco / secure_firewall_management_center	5.4.1.3	5.4.1.3.x
cisco / secure_firewall_management_center	5.4.1.4	5.4.1.4.x
cisco / secure_firewall_management_center	5.4.1.5	5.4.1.5.x
cisco / secure_firewall_management_center	5.4.1.6	5.4.1.6.x
cisco / secure_firewall_management_center	6.0.1	6.0.1.x

Vulnerability Database

308,379

CVE-2016-6433

Deep Security Visibility Without the Complexity