105 vulnerabilities found for firesight_system_software by cisco

FKIE_CVE-2017-6766

Vulnerability from fkie_nvd - Published: 2017-08-07 06:29 - Updated: 2025-04-20 01:37
Summary
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67A5C44-A26D-44A3-9674-92657FBA0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBDE0A2-5ECA-4287-8A70-235C1E17FA68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4153DE2F-B331-4FA6-B16D-3C2D975FD887",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad Secure Sockets Layer (SSL) Decryption and Inspection de Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1 y 6.2.2 podr\u00eda permitir que un atacante remoto sin autenticar eluda la pol\u00edtica SSL para descifrar e inspeccionar tr\u00e1fico en un sistema afectado. La vulnerabilidad se debe a una interacci\u00f3n inesperada con las opciones de configuraci\u00f3n Known Key y Decrypt and Resign de las pol\u00edticas SSL cuando el software afectado recibe cabeceras de paquetes SSL inesperadas. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete SSL manipulado a trav\u00e9s de un dispositivo afectado en una sesi\u00f3n SSL v\u00e1lida. Si se explota esta vulnerabilidad con \u00e9xito, el atacante podr\u00eda eludir la pol\u00edtica de descifrado e inspecci\u00f3n SSL para el sistema afectado, lo que podr\u00eda permitir que el tr\u00e1fico fluyese a trav\u00e9s del sistema sin ser inspeccionado. Cisco Bug IDs: CSCve12652."
    }
  ],
  "id": "CVE-2017-6766",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-07T06:29:00.730",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-6735

Vulnerability from fkie_nvd - Published: 2017-07-10 20:29 - Updated: 2025-04-20 01:37
Summary
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.
Impacted products
Vendor Product Version
cisco firesight_system_software 6.2.0
cisco firesight_system_software 6.2.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67A5C44-A26D-44A3-9674-92657FBA0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBDE0A2-5ECA-4287-8A70-235C1E17FA68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad backup y restore de Cisco FireSIGHT System Software, podr\u00eda permitir a un atacante local autenticado ejecutar c\u00f3digo arbitrario en un sistema destino. M\u00e1s informaci\u00f3n: CSCvc91092. Versiones afectadas conocidas: 6.2.0 y 6.2.1."
    }
  ],
  "id": "CVE-2017-6735",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-10T20:29:00.783",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99460"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038826"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-9193

Vulnerability from fkie_nvd - Published: 2016-12-14 00:59 - Updated: 2025-04-12 10:46
Summary
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB492B2E-2CE6-4D29-9D82-D40A2B9508B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B764E48A-C748-4451-8E81-DD8B62B4BA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E4035-E8E2-4964-A6F4-7292E1804E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF40DB44-C213-466E-B473-B07B30A42B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6FD6283-CC58-4864-AA24-F6C6DDE630FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1AFAC1-419D-4ADB-868B-1544BED58B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4EB1FD-690B-4F8C-A559-BC76CA5FDEFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6614ED6C-E77E-4C0D-AA96-0BEE84BE2F94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en las caracter\u00edsticas de detecci\u00f3n y bloqueo de archivos maliciosos de Cisco Firepower Management Center y Cisco FireSIGHT System Software podr\u00eda permitir a un atacante remoto no autenticado eludir los mecanismos de detecci\u00f3n de malware en un dispositivo afectado. Productos Afectados: Cisco Firepower Management Center y FireSIGHT System Software son afectados cuando est\u00e1n configurados para utilizar una pol\u00edtica de archivos con la acci\u00f3n Block Malware. M\u00e1s Informaci\u00f3n: CSCvb27494. Lanzamientos Afectados Conocidos: 6.0.1.1 6.1.0."
    }
  ],
  "id": "CVE-2016-9193",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-14T00:59:16.973",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94801"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037421"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6471

Vulnerability from fkie_nvd - Published: 2016-12-14 00:59 - Updated: 2025-04-12 10:46
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.
Impacted products
Vendor Product Version
cisco firesight_system_software 5.4.1.6

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "17719ED0-2836-4466-A5D8-D6EA699B4C08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Firepower Management Center funcionando con el software FireSIGHT System puede permitir a un atacante remoto autenticado ver la Remote Storage Password. M\u00e1s informaci\u00f3n: CSCvb19366. Lanzamientos Afectados Conocidos: 5.4.1.6."
    }
  ],
  "id": "CVE-2016-6471",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-14T00:59:11.753",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94805"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037411"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6460

Vulnerability from fkie_nvd - Published: 2016-11-19 03:03 - Updated: 2025-04-12 10:46
Summary
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA2DD6D-8C76-445E-BC92-C162D6B95647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "17719ED0-2836-4466-A5D8-D6EA699B4C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67A5C44-A26D-44A3-9674-92657FBA0513",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el FTP Representational State Transfer Application Programming Interface (REST API) para Cisco Firepower System Software podr\u00eda permitir a un atacante remoto no autenticado, eludir las reglas de detecci\u00f3n de malware de FTP y descargar malware a trav\u00e9s de una conexi\u00f3n FTP. Cisco Firepower System Software est\u00e1 afectado cuando el dispositivo tiene una pol\u00edtica de archivo con bloqueo de malware configurado para conexiones FTP. M\u00e1s informaci\u00f3n: CSCuv36188 CSCuy91156. Lanzamientos conocidos afectados: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Lanzamientos conocidos solucionados: 6.0.0."
    }
  ],
  "id": "CVE-2016-6460",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-19T03:03:03.537",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94359"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6417

Vulnerability from fkie_nvd - Published: 2016-10-05 17:59 - Updated: 2025-04-12 10:46
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
Impacted products
Vendor Product Version
cisco firesight_system_software 4.10.2
cisco firesight_system_software 4.10.2.1
cisco firesight_system_software 4.10.2.2
cisco firesight_system_software 4.10.2.3
cisco firesight_system_software 4.10.2.4
cisco firesight_system_software 4.10.2.5
cisco firesight_system_software 4.10.3
cisco firesight_system_software 4.10.3.1
cisco firesight_system_software 4.10.3.2
cisco firesight_system_software 4.10.3.3
cisco firesight_system_software 4.10.3.4
cisco firesight_system_software 4.10.3.5
cisco firesight_system_software 4.10.3.6
cisco firesight_system_software 4.10.3.7
cisco firesight_system_software 4.10.3.8
cisco firesight_system_software 4.10.3.9
cisco firesight_system_software 4.10.3.10
cisco firesight_system_software 5.1.0
cisco firesight_system_software 5.1.0.1
cisco firesight_system_software 5.1.0.2
cisco firesight_system_software 5.1.0.3
cisco firesight_system_software 5.1.1
cisco firesight_system_software 5.1.1.1
cisco firesight_system_software 5.1.1.2
cisco firesight_system_software 5.1.1.3
cisco firesight_system_software 5.1.1.4
cisco firesight_system_software 5.1.1.5
cisco firesight_system_software 5.1.1.6
cisco firesight_system_software 5.1.1.8
cisco firesight_system_software 5.1.1.9
cisco firesight_system_software 5.1.1.10
cisco firesight_system_software 5.1.1.11
cisco firesight_system_software 5.2.0
cisco firesight_system_software 5.2.0.1
cisco firesight_system_software 5.2.0.2
cisco firesight_system_software 5.2.0.3
cisco firesight_system_software 5.2.0.4
cisco firesight_system_software 5.2.0.5
cisco firesight_system_software 5.2.0.6
cisco firesight_system_software 5.2.0.8
cisco firesight_system_software 5.3.0
cisco firesight_system_software 5.3.0.1
cisco firesight_system_software 5.3.0.2
cisco firesight_system_software 5.3.0.3
cisco firesight_system_software 5.3.0.4
cisco firesight_system_software 5.3.0.5
cisco firesight_system_software 5.3.0.6
cisco firesight_system_software 5.3.0.7
cisco firesight_system_software 5.3.1
cisco firesight_system_software 5.3.1.1
cisco firesight_system_software 5.3.1.2
cisco firesight_system_software 5.3.1.3
cisco firesight_system_software 5.3.1.4
cisco firesight_system_software 5.3.1.5
cisco firesight_system_software 5.3.1.7
cisco firesight_system_software 5.4.0
cisco firesight_system_software 5.4.0.1
cisco firesight_system_software 5.4.0.2
cisco firesight_system_software 5.4.0.3
cisco firesight_system_software 5.4.0.4
cisco firesight_system_software 5.4.0.5
cisco firesight_system_software 5.4.0.6
cisco firesight_system_software 5.4.1
cisco firesight_system_software 5.4.1.2
cisco firesight_system_software 5.4.1.3
cisco firesight_system_software 5.4.1.4
cisco firesight_system_software 6.0.0
cisco firesight_system_software 6.0.0.1
cisco firesight_system_software 6.0.1
cisco firesight_system_software 6.1.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4873587D-6F9C-46E2-87B7-ADD688533BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0E3DD9-6C10-4D5E-B0B2-E55A666CAAD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD4E4F3-8BE4-4405-A3F3-D39B373E6B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1EE44C-7C18-41E5-B116-D8375306FF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D002467-393F-4C80-AC59-BED0ECBDD7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCEE74A5-1085-4AAF-A492-BAEC226CF7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD6BDAC5-17DA-4937-8FC7-89FA830FC32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05553318-B493-4520-9D88-B8EF34162910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CA5BE4-8312-4831-9D38-3F4FCBFB837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46F0746-ADBA-4DE9-95D6-BC69611BC830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25D1B9C-FFEE-41EF-AC92-646D035DDE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D343B1D6-B4D6-40B8-A5CE-7A3C0D197C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE3A605-A639-4D38-91A7-CD7549D9C97C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3632502D-0569-4B7D-8942-515FCFE1062B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C9342A-5AD8-4DCE-8972-307740620CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B062C5-97CC-43A7-8419-0DB8BED36A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "78AE978B-C049-4BE3-87CD-486243C023BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68F137F-0C21-4426-A9AC-B9B00177F7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4874DD2C-25A3-4A5D-B27C-02C8D990868E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7317F08D-7EFC-4B62-80F7-FE576231A18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7508F7DB-48D1-4193-ABED-DCA6C49B11B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF592298-E703-4B5F-988A-FA1C0E342A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "089D6811-105D-4ECA-8836-F46BD0C7EDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E65D89-AFF5-47B7-91EE-2A40CB01A689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "751A22BC-528B-4491-8BDE-F5E3DC024D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7B8C63-652A-48CE-B13B-D01E53B3FC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3E9B49-3332-4D5C-8E2E-4E3BEC0846C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "886ABEA0-A578-4239-9058-E51688D8027B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "758C985B-8BD7-48F0-99B3-AE06BAEB0EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F035955-83F7-4BAF-AA3D-3813C8AA4C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5815516B-6CC1-4951-953B-4F6B438269E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C30E53-E9AE-4517-AC5C-EC5ED8668380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en Cisco FireSIGHT System Software 4.10.2 hasta la versi\u00f3n 6.1.0 y Firepower Management Center permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva21636."
    }
  ],
  "id": "CVE-2016-6417",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T17:59:06.820",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93199"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036918"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6420

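Vulnerability from fkie_nvd - Published: 2016-10-05 10:59 - Updated: 2025-04-12 10:46
Summary
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.
Impacted products
Vendor Product Version
cisco firesight_system_software 4.10.3
cisco firesight_system_software 5.2.0
cisco firesight_system_software 5.3.0
cisco firesight_system_software 5.3.1
cisco firesight_system_software 5.4.0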

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD6BDAC5-17DA-4937-8FC7-89FA830FC32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467."
    },
    {
      "lang": "es",
      "value": "Cisco FireSIGHT System Software 4.10.3 hasta la versi\u00f3n 5.4.0 en Firepower Management Center permite a usuarios remotos autenticados eludir comprobaciones de autorizaci\u00f3n y obtener privilegios a trav\u00e9s de una petici\u00f3n HTTP manipulada, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCur25467."
    }
  ],
  "id": "CVE-2016-6420",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T10:59:20.550",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93204"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036919"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6411

Vulnerability from fkie_nvd - Published: 2016-09-24 01:59 - Updated: 2025-04-12 10:46
Summary
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.
Impacted products
Vendor Product Version
cisco firesight_system_software 6.0.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585."
    },
    {
      "lang": "es",
      "value": "Cisco Firepower Management Center y FireSIGHT System Software 6.0.1 maneja de forma incorrecta las comparaciones entre URLs y certificados X.509, lo que permite a atacantes remotos eludir configuraciones destinadas al no-descifrado a trav\u00e9s de una URL manipulada, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva50585."
    }
  ],
  "id": "CVE-2016-6411",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-24T01:59:04.057",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036877"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6396

Vulnerability from fkie_nvd - Published: 2016-09-12 10:59 - Updated: 2025-04-12 10:46
Summary
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.
Impacted products
Vendor Product Version
cisco firesight_system_software 5.1.0
cisco firesight_system_software 5.1.0.1
cisco firesight_system_software 5.1.0.2
cisco firesight_system_software 5.1.0.3
cisco firesight_system_software 5.1.1
cisco firesight_system_software 5.1.1.1
cisco firesight_system_software 5.1.1.2
cisco firesight_system_software 5.1.1.3
cisco firesight_system_software 5.1.1.4
cisco firesight_system_software 5.1.1.5
cisco firesight_system_software 5.1.1.6
cisco firesight_system_software 5.1.1.8
cisco firesight_system_software 5.1.1.9
cisco firesight_system_software 5.1.1.10
cisco firesight_system_software 5.1.1.11
cisco firesight_system_software 5.2.0
cisco firesight_system_software 5.2.0.1
cisco firesight_system_software 5.2.0.2
cisco firesight_system_software 5.2.0.3
cisco firesight_system_software 5.2.0.4
cisco firesight_system_software 5.2.0.5
cisco firesight_system_software 5.2.0.6
cisco firesight_system_software 5.2.0.8
cisco firesight_system_software 5.3.0
cisco firesight_system_software 5.3.0.1
cisco firesight_system_software 5.3.0.2
cisco firesight_system_software 5.3.0.3
cisco firesight_system_software 5.3.0.4
cisco firesight_system_software 5.3.0.5
cisco firesight_system_software 5.3.0.6
cisco firesight_system_software 5.3.0.7
cisco firesight_system_software 5.3.1
cisco firesight_system_software 5.3.1.1
cisco firesight_system_software 5.3.1.2
cisco firesight_system_software 5.3.1.3
cisco firesight_system_software 5.3.1.4
cisco firesight_system_software 5.3.1.5
cisco firesight_system_software 5.3.1.7
cisco firesight_system_software 5.4.0
cisco firesight_system_software 5.4.0.1
cisco firesight_system_software 5.4.0.2
cisco firesight_system_software 5.4.0.3
cisco firesight_system_software 5.4.0.4
cisco firesight_system_software 5.4.0.5
cisco firesight_system_software 5.4.0.6
cisco firesight_system_software 5.4.1
cisco firesight_system_software 5.4.1.2
cisco firesight_system_software 5.4.1.3
cisco firesight_system_software 5.4.1.4
cisco firesight_system_software 6.0.0
cisco firesight_system_software 6.0.0.1
cisco firesight_system_software 6.0.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68F137F-0C21-4426-A9AC-B9B00177F7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4874DD2C-25A3-4A5D-B27C-02C8D990868E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7317F08D-7EFC-4B62-80F7-FE576231A18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7508F7DB-48D1-4193-ABED-DCA6C49B11B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF592298-E703-4B5F-988A-FA1C0E342A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "089D6811-105D-4ECA-8836-F46BD0C7EDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E65D89-AFF5-47B7-91EE-2A40CB01A689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "751A22BC-528B-4491-8BDE-F5E3DC024D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7B8C63-652A-48CE-B13B-D01E53B3FC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3E9B49-3332-4D5C-8E2E-4E3BEC0846C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "886ABEA0-A578-4239-9058-E51688D8027B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "758C985B-8BD7-48F0-99B3-AE06BAEB0EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F035955-83F7-4BAF-AA3D-3813C8AA4C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5815516B-6CC1-4951-953B-4F6B438269E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C30E53-E9AE-4517-AC5C-EC5ED8668380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482."
    },
    {
      "lang": "es",
      "value": "Cisco Firepower Management Center en versiones anteriores a 6.1 y FireSIGHT System Software en versiones anteriores a 6.1, permite a atacantes remotos, cuando ciertas opciones de bloqueo de malware est\u00e1n habilitadas, eludir la detecci\u00f3n de malware a trav\u00e9s de campos manipulados en cabeceras HTTP, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz44482."
    }
  ],
  "id": "CVE-2016-6396",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-12T10:59:09.523",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/92826"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036756"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6395

Vulnerability from fkie_nvd - Published: 2016-09-12 10:59 - Updated: 2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.
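Impacted products (the CPE entries in this record list only firesight_system_software; Firepower Management Center, also named in the summary, has no CPE entry here, so CPE-based asset matching alone will not flag it)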
Vendor Product Version
cisco firesight_system_software 5.1.0
cisco firesight_system_software 5.1.0.1
cisco firesight_system_software 5.1.0.2
cisco firesight_system_software 5.1.0.3
cisco firesight_system_software 5.1.1
cisco firesight_system_software 5.1.1.1
cisco firesight_system_software 5.1.1.2
cisco firesight_system_software 5.1.1.3
cisco firesight_system_software 5.1.1.4
cisco firesight_system_software 5.1.1.5
cisco firesight_system_software 5.1.1.6
cisco firesight_system_software 5.1.1.8
cisco firesight_system_software 5.1.1.9
cisco firesight_system_software 5.1.1.10
cisco firesight_system_software 5.1.1.11
cisco firesight_system_software 5.2.0
cisco firesight_system_software 5.2.0.1
cisco firesight_system_software 5.2.0.2
cisco firesight_system_software 5.2.0.3
cisco firesight_system_software 5.2.0.4
cisco firesight_system_software 5.2.0.5
cisco firesight_system_software 5.2.0.6
cisco firesight_system_software 5.2.0.8
cisco firesight_system_software 5.3.0
cisco firesight_system_software 5.3.0.1
cisco firesight_system_software 5.3.0.2
cisco firesight_system_software 5.3.0.3
cisco firesight_system_software 5.3.0.4
cisco firesight_system_software 5.3.0.5
cisco firesight_system_software 5.3.0.6
cisco firesight_system_software 5.3.0.7
cisco firesight_system_software 5.3.1
cisco firesight_system_software 5.3.1.1
cisco firesight_system_software 5.3.1.2
cisco firesight_system_software 5.3.1.3
cisco firesight_system_software 5.3.1.4
cisco firesight_system_software 5.3.1.5
cisco firesight_system_software 5.3.1.7
cisco firesight_system_software 5.4.0
cisco firesight_system_software 5.4.0.1
cisco firesight_system_software 5.4.0.2
cisco firesight_system_software 5.4.0.3
cisco firesight_system_software 5.4.0.4
cisco firesight_system_software 5.4.0.5
cisco firesight_system_software 5.4.0.6
cisco firesight_system_software 5.4.1
cisco firesight_system_software 5.4.1.2
cisco firesight_system_software 5.4.1.3
cisco firesight_system_software 5.4.1.4
cisco firesight_system_software 6.0.0
cisco firesight_system_software 6.0.0.1
cisco firesight_system_software 6.0.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68F137F-0C21-4426-A9AC-B9B00177F7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4874DD2C-25A3-4A5D-B27C-02C8D990868E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7317F08D-7EFC-4B62-80F7-FE576231A18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7508F7DB-48D1-4193-ABED-DCA6C49B11B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF592298-E703-4B5F-988A-FA1C0E342A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "089D6811-105D-4ECA-8836-F46BD0C7EDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E65D89-AFF5-47B7-91EE-2A40CB01A689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "751A22BC-528B-4491-8BDE-F5E3DC024D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7B8C63-652A-48CE-B13B-D01E53B3FC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3E9B49-3332-4D5C-8E2E-4E3BEC0846C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "886ABEA0-A578-4239-9058-E51688D8027B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "758C985B-8BD7-48F0-99B3-AE06BAEB0EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F035955-83F7-4BAF-AA3D-3813C8AA4C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5815516B-6CC1-4951-953B-4F6B438269E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C30E53-E9AE-4517-AC5C-EC5ED8668380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la interfaz de administraci\u00f3n basada en web en Cisco Firepower Management Center en versiones anteriores a 6.1 y FireSIGHT System Software en versiones anteriores a 6.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz58658."
    }
  ],
  "id": "CVE-2016-6395",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-12T10:59:08.227",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/92824"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036755"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6394

Vulnerability from fkie_nvd - Published: 2016-09-12 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.
Impacted products
Vendor Product Version
cisco firesight_system_software 5.2.0
cisco firesight_system_software 5.2.0.1
cisco firesight_system_software 5.2.0.2
cisco firesight_system_software 5.2.0.3
cisco firesight_system_software 5.2.0.4
cisco firesight_system_software 5.2.0.5
cisco firesight_system_software 5.2.0.6
cisco firesight_system_software 5.2.0.8
cisco firesight_system_software 5.3.0
cisco firesight_system_software 5.3.0.1
cisco firesight_system_software 5.3.0.2
cisco firesight_system_software 5.3.0.3
cisco firesight_system_software 5.3.0.4
cisco firesight_system_software 5.3.0.5
cisco firesight_system_software 5.3.0.6
cisco firesight_system_software 5.3.0.7
cisco firesight_system_software 5.3.1
cisco firesight_system_software 5.3.1.1
cisco firesight_system_software 5.3.1.2
cisco firesight_system_software 5.3.1.3
cisco firesight_system_software 5.3.1.4
cisco firesight_system_software 5.3.1.5
cisco firesight_system_software 5.3.1.7
cisco firesight_system_software 5.4.0
cisco firesight_system_software 5.4.0.1
cisco firesight_system_software 5.4.0.2
cisco firesight_system_software 5.4.0.3
cisco firesight_system_software 5.4.0.4
cisco firesight_system_software 5.4.0.5
cisco firesight_system_software 5.4.0.6
cisco firesight_system_software 5.4.1
cisco firesight_system_software 5.4.1.2
cisco firesight_system_software 5.4.1.3
cisco firesight_system_software 5.4.1.4
cisco firesight_system_software 6.0.0
cisco firesight_system_software 6.0.0.1
cisco firesight_system_software 6.0.1
cisco firesight_system_software 6.1.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Cisco Firepower Management Center y Cisco FireSIGHT System Software hasta la versi\u00f3n 6.1.0 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de un identificador de sesi\u00f3n, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz80503."
    }
  ],
  "id": "CVE-2016-6394",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-12T10:59:07.287",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/92825"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036757"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-6766 (GCVE-0-2017-6766)

Vulnerability from cvelistv5 – Published: 2017-08-07 06:00 – Updated: 2024-08-05 15:41
Summary
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.
Severity ?
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a Cisco Firepower System Software Affected: Cisco Firepower System Software

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower System Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower System Software"
            }
          ]
        }
      ],
      "datePublic": "2017-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T05:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6766",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower System Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower System Software"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
            },
            {
              "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652",
              "refsource": "CONFIRM",
              "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6766",
    "datePublished": "2017-08-07T06:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6735 (GCVE-0-2017-6735)

Vulnerability from cvelistv5 – Published: 2017-07-10 20:00 – Updated: 2024-08-05 15:41
Summary
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.
Severity ?
No CVSS data available.
CWE
  • Arbitrary Code Execution Vulnerability
Assigner
References
Impacted products
Vendor Product Version
n/a Cisco FireSIGHT System Software Affected: Cisco FireSIGHT System Software

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
          },
          {
            "name": "1038826",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038826"
          },
          {
            "name": "99460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99460"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco FireSIGHT System Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco FireSIGHT System Software"
            }
          ]
        }
      ],
      "datePublic": "2017-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary Code Execution Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
        },
        {
          "name": "1038826",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038826"
        },
        {
          "name": "99460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99460"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco FireSIGHT System Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco FireSIGHT System Software"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary Code Execution Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
            },
            {
              "name": "1038826",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038826"
            },
            {
              "name": "99460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99460"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6735",
    "datePublished": "2017-07-10T20:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9193 (GCVE-0-2016-9193)

Vulnerability from cvelistv5 – Published: 2016-12-14 00:37 – Updated: 2024-08-06 02:42
Summary
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.
Severity ?
No CVSS data available.
CWE
  • unspecified
Assigner
References
Impacted products
Vendor Product Version
n/a Cisco FireSIGHT Affected: Cisco FireSIGHT

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
          },
          {
            "name": "94801",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94801"
          },
          {
            "name": "1037421",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037421"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco FireSIGHT",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco FireSIGHT"
            }
          ]
        }
      ],
      "datePublic": "2016-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
        },
        {
          "name": "94801",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94801"
        },
        {
          "name": "1037421",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037421"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-9193",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco FireSIGHT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco FireSIGHT"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
            },
            {
              "name": "94801",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94801"
            },
            {
              "name": "1037421",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037421"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-9193",
    "datePublished": "2016-12-14T00:37:00",
    "dateReserved": "2016-11-06T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6471 (GCVE-0-2016-6471)

Vulnerability from cvelistv5 – Published: 2016-12-14 00:37 – Updated: 2024-08-06 01:29
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.
Severity ?
No CVSS data available.
CWE
  • unspecified
Assigner
References
Impacted products
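Vendor: n/a | Product: Cisco Firepower Management Center | Version: Affected: Cisco Firepower Management Center (the version field repeats the product name; the affected release, 5.4.1.6, is given in the description text rather than in a structured version field)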

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94805",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94805"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
          },
          {
            "name": "1037411",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Management Center",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower Management Center"
            }
          ]
        }
      ],
      "datePublic": "2016-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "94805",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94805"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
        },
        {
          "name": "1037411",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037411"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower Management Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower Management Center"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94805",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94805"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
            },
            {
              "name": "1037411",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037411"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6471",
    "datePublished": "2016-12-14T00:37:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6460 (GCVE-0-2016-6460)

Vulnerability from cvelistv5 – Published: 2016-11-19 02:45 – Updated: 2024-08-06 01:29
Summary
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.
Severity ?
No CVSS data available.
CWE
  • unspecified
Assigner
References
Impacted products
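Vendor: n/a | Product: Cisco Firepower System Software 5.4.0.2 through 6.2.0 | Version: Affected: Cisco Firepower System Software 5.4.0.2 through 6.2.0 (the range is free text inside the product and version strings, not structured version bounds; the individual releases are listed in the description text)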

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94359",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower System Software 5.4.0.2 through 6.2.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower System Software 5.4.0.2 through 6.2.0"
            }
          ]
        }
      ],
      "datePublic": "2016-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "94359",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower System Software 5.4.0.2 through 6.2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower System Software 5.4.0.2 through 6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94359",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94359"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6460",
    "datePublished": "2016-11-19T02:45:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6417 (GCVE-0-2016-6417)

Vulnerability from cvelistv5 – Published: 2016-10-05 17:00 – Updated: 2024-08-06 01:29
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1036918 (vdb-entry, x_refsource_SECTRACK)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc (vendor-advisory, x_refsource_CISCO)
http://www.securityfocus.com/bid/93199 (vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036918",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036918"
          },
          {
            "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
          },
          {
            "name": "93199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93199"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036918",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036918"
        },
        {
          "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
        },
        {
          "name": "93199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93199"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036918",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036918"
            },
            {
              "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
            },
            {
              "name": "93199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93199"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6417",
    "datePublished": "2016-10-05T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6420 (GCVE-0-2016-6420)

Vulnerability from cvelistv5 – Published: 2016-10-05 10:00 – Updated: 2024-08-06 01:29
Summary
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1036919 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/93204 (vdb-entry, x_refsource_BID)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1 (vendor-advisory, x_refsource_CISCO)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036919",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036919"
          },
          {
            "name": "93204",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93204"
          },
          {
            "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036919",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036919"
        },
        {
          "name": "93204",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93204"
        },
        {
          "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6420",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036919",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036919"
            },
            {
              "name": "93204",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93204"
            },
            {
              "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6420",
    "datePublished": "2016-10-05T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6411 (GCVE-0-2016-6411)

Vulnerability from cvelistv5 – Published: 2016-09-24 01:00 – Updated: 2024-08-06 01:29
Summary
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1036877 (vdb-entry, x_refsource_SECTRACK)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc (vendor-advisory, x_refsource_CISCO)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036877",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036877"
          },
          {
            "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036877",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036877"
        },
        {
          "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036877",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036877"
            },
            {
              "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6411",
    "datePublished": "2016-09-24T01:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6395 (GCVE-0-2016-6395)

Vulnerability from cvelistv5 – Published: 2016-09-12 10:00 – Updated: 2024-08-06 01:29
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1036755 vdb-entry x_refsource_SECTRACK
http://www.securityfocus.com/bid/92824 vdb-entry x_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss vendor-advisory x_refsource_CISCO

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036755",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036755"
          },
          {
            "name": "92824",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92824"
          },
          {
            "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036755",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036755"
        },
        {
          "name": "92824",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92824"
        },
        {
          "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036755",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036755"
            },
            {
              "name": "92824",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92824"
            },
            {
              "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6395",
    "datePublished": "2016-09-12T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6396 (GCVE-0-2016-6396)

Vulnerability from cvelistv5 – Published: 2016-09-12 10:00 – Updated: 2024-08-06 01:29
VLAI?
Summary
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/92826 vdb-entry x_refsource_BID
http://www.securitytracker.com/id/1036756 vdb-entry x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1 vendor-advisory x_refsource_CISCO

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92826",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92826"
          },
          {
            "name": "1036756",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036756"
          },
          {
            "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "92826",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92826"
        },
        {
          "name": "1036756",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036756"
        },
        {
          "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92826",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92826"
            },
            {
              "name": "1036756",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036756"
            },
            {
              "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6396",
    "datePublished": "2016-09-12T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6766 (GCVE-0-2017-6766)

Vulnerability from nvd – Published: 2017-08-07 06:00 – Updated: 2024-08-05 15:41
VLAI?
Summary
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.
Severity ?
No CVSS data available.
CWE
  • CWE-310
Assigner
Impacted products
Vendor Product Version
n/a Cisco Firepower System Software Affected: Cisco Firepower System Software

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower System Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower System Software"
            }
          ]
        }
      ],
      "datePublic": "2017-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T05:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6766",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower System Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower System Software"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw"
            },
            {
              "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652",
              "refsource": "CONFIRM",
              "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6766",
    "datePublished": "2017-08-07T06:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6735 (GCVE-0-2017-6735)

Vulnerability from nvd – Published: 2017-07-10 20:00 – Updated: 2024-08-05 15:41
VLAI?
Summary
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.
Severity ?
No CVSS data available.
CWE
  • Arbitrary Code Execution Vulnerability
Assigner
References
Impacted products
Vendor Product Version
n/a Cisco FireSIGHT System Software Affected: Cisco FireSIGHT System Software

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
          },
          {
            "name": "1038826",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038826"
          },
          {
            "name": "99460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99460"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco FireSIGHT System Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco FireSIGHT System Software"
            }
          ]
        }
      ],
      "datePublic": "2017-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary Code Execution Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
        },
        {
          "name": "1038826",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038826"
        },
        {
          "name": "99460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99460"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco FireSIGHT System Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco FireSIGHT System Software"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary Code Execution Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT"
            },
            {
              "name": "1038826",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038826"
            },
            {
              "name": "99460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99460"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6735",
    "datePublished": "2017-07-10T20:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9193 (GCVE-0-2016-9193)

Vulnerability from nvd – Published: 2016-12-14 00:37 – Updated: 2024-08-06 02:42
VLAI?
Summary
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.
Severity ?
No CVSS data available.
CWE
  • unspecified
Assigner
References
Impacted products
Vendor Product Version
n/a Cisco FireSIGHT Affected: Cisco FireSIGHT

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
          },
          {
            "name": "94801",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94801"
          },
          {
            "name": "1037421",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037421"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco FireSIGHT",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco FireSIGHT"
            }
          ]
        }
      ],
      "datePublic": "2016-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
        },
        {
          "name": "94801",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94801"
        },
        {
          "name": "1037421",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037421"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-9193",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco FireSIGHT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco FireSIGHT"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower"
            },
            {
              "name": "94801",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94801"
            },
            {
              "name": "1037421",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037421"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-9193",
    "datePublished": "2016-12-14T00:37:00",
    "dateReserved": "2016-11-06T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6471 (GCVE-0-2016-6471)

Vulnerability from nvd – Published: 2016-12-14 00:37 – Updated: 2024-08-06 01:29
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.
Severity ?
No CVSS data available.
CWE
  • unspecified
Assigner
References
Impacted products
Vendor Product Version
n/a Cisco Firepower Management Center Affected: Cisco Firepower Management Center

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94805",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94805"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
          },
          {
            "name": "1037411",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Management Center",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower Management Center"
            }
          ]
        }
      ],
      "datePublic": "2016-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "94805",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94805"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
        },
        {
          "name": "1037411",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037411"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower Management Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower Management Center"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94805",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94805"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc"
            },
            {
              "name": "1037411",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037411"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6471",
    "datePublished": "2016-12-14T00:37:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6460 (GCVE-0-2016-6460)

Vulnerability from nvd – Published: 2016-11-19 02:45 – Updated: 2024-08-06 01:29
Summary
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.
Severity ?
No CVSS data available.
CWE
  • unspecified
Assigner
References
Impacted products
Vendor Product Version
n/a Cisco Firepower System Software 5.4.0.2 through 6.2.0 Affected: Cisco Firepower System Software 5.4.0.2 through 6.2.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94359",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower System Software 5.4.0.2 through 6.2.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower System Software 5.4.0.2 through 6.2.0"
            }
          ]
        }
      ],
      "datePublic": "2016-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "94359",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower System Software 5.4.0.2 through 6.2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower System Software 5.4.0.2 through 6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94359",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94359"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6460",
    "datePublished": "2016-11-19T02:45:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6417 (GCVE-0-2016-6417)

Vulnerability from nvd – Published: 2016-10-05 17:00 – Updated: 2024-08-06 01:29
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1036918 (vdb-entry, x_refsource_SECTRACK)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc (vendor-advisory, x_refsource_CISCO)
http://www.securityfocus.com/bid/93199 (vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036918",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036918"
          },
          {
            "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
          },
          {
            "name": "93199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93199"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036918",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036918"
        },
        {
          "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
        },
        {
          "name": "93199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93199"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036918",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036918"
            },
            {
              "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc"
            },
            {
              "name": "93199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93199"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6417",
    "datePublished": "2016-10-05T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6420 (GCVE-0-2016-6420)

Vulnerability from nvd – Published: 2016-10-05 10:00 – Updated: 2024-08-06 01:29
Summary
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1036919 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/93204 (vdb-entry, x_refsource_BID)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1 (vendor-advisory, x_refsource_CISCO)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036919",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036919"
          },
          {
            "name": "93204",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93204"
          },
          {
            "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036919",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036919"
        },
        {
          "name": "93204",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93204"
        },
        {
          "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6420",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036919",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036919"
            },
            {
              "name": "93204",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93204"
            },
            {
              "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6420",
    "datePublished": "2016-10-05T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6411 (GCVE-0-2016-6411)

Vulnerability from nvd – Published: 2016-09-24 01:00 – Updated: 2024-08-06 01:29
Summary
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1036877 (vdb-entry, x_refsource_SECTRACK)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc (vendor-advisory, x_refsource_CISCO)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036877",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036877"
          },
          {
            "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036877",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036877"
        },
        {
          "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036877",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036877"
            },
            {
              "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6411",
    "datePublished": "2016-09-24T01:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6395 (GCVE-0-2016-6395)

Vulnerability from nvd – Published: 2016-09-12 10:00 – Updated: 2024-08-06 01:29
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.
Severity
No CVSS data available.
CWE
  • n/a
Assigner: cisco
References
http://www.securitytracker.com/id/1036755 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/92824 (vdb-entry, x_refsource_BID)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss (vendor-advisory, x_refsource_CISCO)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036755",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036755"
          },
          {
            "name": "92824",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92824"
          },
          {
            "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036755",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036755"
        },
        {
          "name": "92824",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92824"
        },
        {
          "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036755",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036755"
            },
            {
              "name": "92824",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92824"
            },
            {
              "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6395",
    "datePublished": "2016-09-12T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}