All the vulnerabilities related to cisco - firesight_system_software
cve-2016-6411
Vulnerability from cvelistv5
Published
2016-09-24 01:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1036877 | vdb-entry, x_refsource_SECTRACK |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:20.141Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036877", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036877" }, { "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-29T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1036877", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036877" }, { "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6411", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036877", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036877" }, { "name": "20160921 Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6411", "datePublished": "2016-09-24T01:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-4302
Vulnerability from cvelistv5
Published
2015-08-19 14:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1033279 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/76345 | vdb-entry, x_refsource_BID |
http://tools.cisco.com/security/center/viewAlert.x?alertId=40432 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:11:12.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1033279", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033279" }, { "name": "76345", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76345" }, { "name": "20150813 Cisco FireSIGHT Management Center System Policy Deletion Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1033279", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033279" }, { "name": "76345", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76345" }, { "name": "20150813 Cisco FireSIGHT Management Center System Policy Deletion Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-4302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1033279", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033279" }, { "name": "76345", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76345" }, { "name": "20150813 Cisco FireSIGHT Management Center System Policy Deletion Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40432" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-4302", "datePublished": "2015-08-19T14:00:00", "dateReserved": "2015-06-04T00:00:00", "dateUpdated": "2024-08-06T06:11:12.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0739
Vulnerability from cvelistv5
Published
2015-05-19 01:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/74709 | vdb-entry, x_refsource_BID |
http://tools.cisco.com/security/center/viewAlert.x?alertId=38905 | vendor-advisory, x_refsource_CISCO |
http://www.securitytracker.com/id/1032359 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "74709", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74709" }, { "name": "20150518 Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38905" }, { "name": "1032359", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032359" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-30T15:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "74709", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74709" }, { "name": "20150518 Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38905" }, { "name": "1032359", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032359" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0739", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "74709", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74709" }, { "name": "20150518 Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38905" }, { "name": "1032359", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032359" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0739", "datePublished": "2015-05-19T01:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0707
Vulnerability from cvelistv5
Published
2015-04-23 01:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
References
URL | Tags |
---|---|
http://tools.cisco.com/security/center/viewAlert.x?alertId=38487 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150422 Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38487" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-23T01:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150422 Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38487" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425."
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150422 Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38487" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0707", "datePublished": "2015-04-23T01:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6353
Vulnerability from cvelistv5
Published
2015-10-31 01:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.
References
URL | Tags |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1 | vendor-advisory, x_refsource_CISCO |
http://www.securitytracker.com/id/1034040 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:20.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20151029 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1" }, { "name": "1034040", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034040" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T22:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20151029 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1" }, { "name": "1034040", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034040" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6353", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20151029 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1" }, { "name": "1034040", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034040" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6353", "datePublished": "2015-10-31T01:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:20.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6735
Vulnerability from cvelistv5
Published
2017-07-10 20:00
Modified
2024-08-05 15:41
Severity ?
EPSS score ?
Summary
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1038826 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/99460 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco FireSIGHT System Software | Cisco FireSIGHT System Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT" }, { "name": "1038826", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038826" }, { "name": "99460", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99460" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco FireSIGHT System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco FireSIGHT System Software" } ] } ], "datePublic": "2017-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary Code Execution Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT" }, { "name": "1038826", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038826" }, { "name": "99460", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99460" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco FireSIGHT System Software", "version": { "version_data": [ { "version_value": "Cisco FireSIGHT System Software" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Arbitrary Code Execution Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT" }, { "name": "1038826", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038826" }, { "name": "99460", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99460" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6735", "datePublished": "2017-07-10T20:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:41:17.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1394
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/91503 | vdb-entry, x_refsource_BID |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.547Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91503", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91503" }, { "name": "20160629 Cisco Firepower System Software Static Credential Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "91503", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91503" }, { "name": "20160629 Cisco Firepower System Software Static Credential Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "91503", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91503" }, { "name": "20160629 Cisco Firepower System Software Static Credential Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1394", "datePublished": "2016-07-03T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.547Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1294
Vulnerability from cvelistv5
Published
2016-01-16 02:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1034690 | vdb-entry, x_refsource_SECTRACK |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034690", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034690" }, { "name": "20160115 Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034690", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034690" }, { "name": "20160115 Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034690", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034690" }, { "name": "20160115 Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1294", "datePublished": "2016-01-16T02:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:48:13.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9193
Vulnerability from cvelistv5
Published
2016-12-14 00:37
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/94801 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1037421 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Cisco FireSIGHT | Cisco FireSIGHT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:42:11.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower" }, { "name": "94801", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94801" }, { "name": "1037421", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037421" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco FireSIGHT", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco FireSIGHT" } ] } ], "datePublic": "2016-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0." 
} ], "problemTypes": [ { "descriptions": [ { "description": "unspecified", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T21:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower" }, { "name": "94801", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94801" }, { "name": "1037421", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037421" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-9193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco FireSIGHT", "version": { "version_data": [ { "version_value": "Cisco FireSIGHT" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unspecified" } ] } ] }, "references": { "reference_data": [ { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower" }, { "name": "94801", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94801" }, { "name": "1037421", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037421" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-9193", "datePublished": "2016-12-14T00:37:00", "dateReserved": "2016-11-06T00:00:00", "dateUpdated": "2024-08-06T02:42:11.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6363
Vulnerability from cvelistv5
Published
2015-11-12 02:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1034138 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:20.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034138", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034138" }, { "name": "20151111 Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T22:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034138", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034138" }, { "name": "20151111 Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034138" }, { "name": "20151111 Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6363", "datePublished": "2015-11-12T02:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:20.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6471
Vulnerability from cvelistv5
Published
2016-12-14 00:37
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94805 | vdb-entry, x_refsource_BID |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037411 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Cisco Firepower Management Center | Cisco Firepower Management Center |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:20.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94805", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94805" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc" }, { "name": "1037411", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037411" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Firepower Management Center", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Firepower Management Center" } ] } ], "datePublic": "2016-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6." 
} ], "problemTypes": [ { "descriptions": [ { "description": "unspecified", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T21:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "94805", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94805" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc" }, { "name": "1037411", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037411" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Management Center", "version": { "version_data": [ { "version_value": "Cisco Firepower Management Center" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unspecified" } ] } ] }, "references": { "reference_data": [ { "name": "94805", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94805" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc" }, { "name": "1037411", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037411" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6471", "datePublished": "2016-12-14T00:37:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6420
Vulnerability from cvelistv5
Published
2016-10-05 10:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036919 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93204 | vdb-entry, x_refsource_BID |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:20.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036919", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036919" }, { "name": "93204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93204" }, { "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-29T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1036919", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036919" }, { "name": "93204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93204" }, { "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036919", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036919" }, { "name": "93204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93204" }, { "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6420", "datePublished": "2016-10-05T10:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6417
Vulnerability from cvelistv5
Published
2016-10-05 17:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036918 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc | vendor-advisory, x_refsource_CISCO |
| http://www.securityfocus.com/bid/93199 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:20.161Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036918", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036918" }, { "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc" }, { "name": "93199", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93199" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-29T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1036918", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036918" }, { "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc" }, { "name": "93199", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93199" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036918", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036918" }, { "name": "20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc" }, { "name": "93199", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93199" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6417", "datePublished": "2016-10-05T17:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.161Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1293
Vulnerability from cvelistv5
Published
2016-01-16 02:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1034689 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034689", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034689" }, { "name": "20160115 Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034689", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034689" }, { "name": "20160115 Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034689", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034689" }, { "name": "20160115 Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1293", "datePublished": "2016-01-16T02:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:48:13.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0737
Vulnerability from cvelistv5
Published
2015-06-12 10:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=38883 | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1032518 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150608 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38883" }, { "name": "1032518", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032518" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150608 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38883" }, { "name": "1032518", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032518" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150608 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38883" }, { "name": "1032518", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032518" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0737", "datePublished": "2015-06-12T10:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6357
Vulnerability from cvelistv5
Published
2015-11-18 11:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1034161 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc | vendor-advisory, x_refsource_CISCO |
| http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html | x_refsource_MISC |
| http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536913/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://seclists.org/fulldisclosure/2015/Nov/79 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:20.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034161", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034161" }, { "name": "20151116 Cisco FireSIGHT Management Center Certificate Validation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html" }, { "name": "20151116 CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536913/100/0/threaded" }, { "name": "20151117 CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2015/Nov/79" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034161", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034161" }, { "name": "20151116 Cisco FireSIGHT Management Center Certificate Validation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html" }, { "name": "20151116 CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536913/100/0/threaded" }, { "name": "20151117 CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2015/Nov/79" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers 
to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034161", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034161" }, { "name": "20151116 Cisco FireSIGHT Management Center Certificate Validation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc" }, { "name": "http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html" }, { "name": "http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html", "refsource": "MISC", "url": "http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html" }, { "name": "20151116 CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536913/100/0/threaded" }, { "name": "20151117 CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Nov/79" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6357", "datePublished": "2015-11-18T11:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:20.958Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1368
Vulnerability from cvelistv5
Published
2016-05-05 21:00
Modified
2024-08-05 22:55
Summary
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160504 Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-05-05T21:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160504 Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160504 Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1368", "datePublished": "2016-05-05T21:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0766
Vulnerability from cvelistv5
Published
2015-06-04 10:00
Modified
2024-08-06 04:17
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39171 | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1032482 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150603 Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39171" }, { "name": "1032482", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032482" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150603 Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39171" }, { "name": "1032482", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032482" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150603 Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39171" }, { "name": "1032482", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032482" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0766", "datePublished": "2015-06-04T10:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0773
Vulnerability from cvelistv5
Published
2015-06-12 10:00
Modified
2024-08-06 04:17
Summary
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1032542 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39256 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1032542", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032542" }, { "name": "20150609 Cisco FireSIGHT Management Center Dashboard Deletion Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39256" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user\u0027s dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1032542", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032542" }, { "name": "20150609 Cisco FireSIGHT Management Center Dashboard Deletion Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39256" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0773", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user\u0027s dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1032542", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032542" }, { "name": "20150609 Cisco FireSIGHT Management Center Dashboard Deletion Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39256" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0773", "datePublished": "2015-06-12T10:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6394
Vulnerability from cvelistv5
Published
2016-09-12 10:00
Modified
2024-08-06 01:29
Summary
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/92825 | vdb-entry, x_refsource_BID |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1036757 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:19.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92825", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92825" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc" }, { "name": "1036757", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "92825", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92825" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc" }, { "name": "1036757", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "92825", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92825" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc" }, { "name": "1036757", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036757" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6394", "datePublished": "2016-09-12T10:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:19.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6460
Vulnerability from cvelistv5
Published
2016-11-19 02:45
Modified
2024-08-06 01:29
Summary
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.
[Editorial note: as published, release 6.0.0 is listed both as affected and as fixed; confirm the first fixed release against the Cisco advisory referenced below before relying on this list.]
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94359 | vdb-entry, x_refsource_BID |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Cisco Firepower System Software 5.4.0.2 through 6.2.0 | Cisco Firepower System Software 5.4.0.2 through 6.2.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:20.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94359", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94359" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Firepower System Software 5.4.0.2 through 6.2.0", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Firepower System Software 5.4.0.2 through 6.2.0" } ] } ], "datePublic": "2016-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0." 
} ], "problemTypes": [ { "descriptions": [ { "description": "unspecified", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "94359", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94359" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower System Software 5.4.0.2 through 6.2.0", "version": { "version_data": [ { "version_value": "Cisco Firepower System Software 5.4.0.2 through 6.2.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unspecified" } ] } ] }, "references": { "reference_data": [ { "name": "94359", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94359" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6460", "datePublished": "2016-11-19T02:45:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6395
Vulnerability from cvelistv5
Published
2016-09-12 10:00
Modified
2024-08-06 01:29
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036755 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/92824 | vdb-entry, x_refsource_BID |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:19.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036755", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036755" }, { "name": "92824", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92824" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1036755", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036755" }, { "name": "92824", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92824" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036755", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036755" }, { "name": "92824", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92824" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6395", "datePublished": "2016-09-12T10:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:19.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6427
Vulnerability from cvelistv5
Published
2015-12-18 11:00
Modified
2024-08-06 07:22
Summary
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1034488 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:21.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034488", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034488" }, { "name": "20151217 Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034488", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034488" }, { "name": "20151217 Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034488", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034488" }, { "name": "20151217 Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6427", "datePublished": "2015-12-18T11:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1355
Vulnerability from cvelistv5
Published
2016-03-03 15:00
Modified
2024-08-05 22:55
Summary
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035188 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035188", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035188" }, { "name": "20160302 Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1035188", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035188" }, { "name": "20160302 Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035188", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035188" }, { "name": "20160302 Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1355", "datePublished": "2016-03-03T15:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6396
Vulnerability from cvelistv5
Published
2016-09-12 10:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/92826 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1036756 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:19.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92826" }, { "name": "1036756", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036756" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "92826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92826" }, { "name": "1036756", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036756" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "92826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92826" }, { "name": "1036756", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036756" }, { "name": "20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6396", "datePublished": "2016-09-12T10:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:19.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0706
Vulnerability from cvelistv5
Published
2015-04-23 01:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=38486 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150422 Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-23T01:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150422 Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150422 Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0706", "datePublished": "2015-04-23T01:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1356
Vulnerability from cvelistv5
Published
2016-03-03 22:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1 | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1035189 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160302 Cisco FireSIGHT System Software Convert Timing Channel Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1" }, { "name": "1035189", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160302 Cisco FireSIGHT System Software Convert Timing Channel Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1" }, { "name": "1035189", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160302 Cisco FireSIGHT System Software Convert Timing Channel Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1" }, { "name": "1035189", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035189" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1356", "datePublished": "2016-03-03T22:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-4270
Vulnerability from cvelistv5
Published
2015-07-14 17:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39879 | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1032887 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:11:12.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150713 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39879" }, { "name": "1032887", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032887" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-23T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150713 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39879" }, { "name": "1032887", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032887" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-4270", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150713 Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39879" }, { "name": "1032887", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032887" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-4270", "datePublished": "2015-07-14T17:00:00", "dateReserved": "2015-06-04T00:00:00", "dateUpdated": "2024-08-06T06:11:12.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1345
Vulnerability from cvelistv5
Published
2016-04-01 00:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035437 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1035439 | vdb-entry, x_refsource_SECTRACK |
| http://www.securitytracker.com/id/1035438 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035437", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035437" }, { "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp" }, { "name": "1035439", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035439" }, { "name": "1035438", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035438" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1035437", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035437" }, { "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp" }, { "name": "1035439", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035439" }, { "name": "1035438", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035438" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1345", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035437", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035437" }, { "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp" }, { "name": "1035439", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035439" }, { "name": "1035438", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035438" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1345", "datePublished": "2016-04-01T00:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6335
Vulnerability from cvelistv5
Published
2015-10-25 01:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1033873 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:15:13.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1033873", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033873" }, { "name": "20151019 Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1033873", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033873" }, { "name": "20151019 Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6335", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1033873", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033873" }, { "name": "20151019 Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6335", "datePublished": "2015-10-25T01:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6354
Vulnerability from cvelistv5
Published
2015-10-31 01:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2 | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1034041 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:21.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20151029 Cisco FireSIGHT Management Center HTML Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2" }, { "name": "1034041", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034041" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T22:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20151029 Cisco FireSIGHT Management Center HTML Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2" }, { "name": "1034041", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034041" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20151029 Cisco FireSIGHT Management Center HTML Injection Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2" }, { "name": "1034041", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034041" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6354", "datePublished": "2015-10-31T01:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6419
Vulnerability from cvelistv5
Published
2015-12-12 16:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/79033 | vdb-entry, x_refsource_BID |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:21.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "79033", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79033" }, { "name": "20151211 Cisco FireSIGHT Management Center GET Request Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "79033", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79033" }, { "name": "20151211 Cisco FireSIGHT Management Center GET Request Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "79033", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79033" }, { "name": "20151211 Cisco FireSIGHT Management Center GET Request Information Disclosure Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6419", "datePublished": "2015-12-12T16:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-4242
Vulnerability from cvelistv5
Published
2015-07-08 14:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/viewAlert.x?alertId=39643 | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1032806 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:11:12.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150707 Cisco FireSIGHT Management Center Cross-Site Request Forgery Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39643" }, { "name": "1032806", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032806" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-23T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150707 Cisco FireSIGHT Management Center Cross-Site Request Forgery Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39643" }, { "name": "1032806", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032806" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-4242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150707 Cisco FireSIGHT Management Center Cross-Site Request Forgery Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39643" }, { "name": "1032806", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032806" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-4242", "datePublished": "2015-07-08T14:00:00", "dateReserved": "2015-06-04T00:00:00", "dateUpdated": "2024-08-06T06:11:12.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6766
Vulnerability from cvelistv5
Published
2017-08-07 06:00
Modified
2024-08-05 15:41
Severity ?
EPSS score ?
Summary
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw | x_refsource_CONFIRM | |
https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
n/a | Cisco Firepower System Software | Version: Cisco Firepower System Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Firepower System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco Firepower System Software" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-310", "description": "CWE-310", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T05:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower System Software", "version": { "version_data": [ { "version_value": "Cisco Firepower System Software" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-310" } ] } ] }, "references": { "reference_data": [ { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw" }, { "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652", "refsource": "CONFIRM", "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6766", "datePublished": "2017-08-07T06:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:41:17.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1463
Vulnerability from cvelistv5
Published
2016-07-28 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036471 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/92152 | vdb-entry, x_refsource_BID | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036471", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036471" }, { "name": "92152", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92152" }, { "name": "20160727 Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1036471", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036471" }, { "name": "92152", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92152" }, { "name": "20160727 Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036471", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036471" }, { "name": "92152", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92152" }, { "name": "20160727 Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1463", "datePublished": "2016-07-28T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1345
Vulnerability from fkie_nvd
Published
2016-04-01 00:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | asa_with_firepower_services | 5.4.0 | |
cisco | asa_with_firepower_services | 5.4.0.1 | |
cisco | asa_with_firepower_services | 5.4.0.2 | |
cisco | asa_with_firepower_services | 5.4.0.3 | |
cisco | asa_with_firepower_services | 5.4.0.4 | |
cisco | asa_with_firepower_services | 5.4.0.5 | |
cisco | asa_with_firepower_services | 5.4.0.6 | |
cisco | asa_with_firepower_services | 6.0.0 | |
cisco | asa_with_firepower_services | 6.0.0.1 | |
cisco | firesight_system_software | 5.4.0 | |
cisco | firesight_system_software | 5.4.0.1 | |
cisco | firesight_system_software | 5.4.0.2 | |
cisco | firesight_system_software | 5.4.0.3 | |
cisco | firesight_system_software | 5.4.0.4 | |
cisco | firesight_system_software | 5.4.0.5 | |
cisco | firesight_system_software | 5.4.0.6 | |
cisco | firesight_system_software | 5.4.1 | |
cisco | firesight_system_software | 5.4.1.2 | |
cisco | firesight_system_software | 5.4.1.3 | |
cisco | firesight_system_software | 5.4.1.4 | |
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.0.0.1 | |
cisco | firesight_system_software | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8C72F82-238A-496E-9B01-F545889DE972", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AB63124-15FC-434A-9BC3-B8072BB74DD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7FC9D5C8-A2F7-4A4D-9672-BA92D3F70299", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3162DAB2-0866-4427-9B6D-58B025DFD0F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C51E5901-A395-4208-B642-4DD23A6B63A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4B6488E2-4B6A-4C93-A9CF-AA32013A1605", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "08314129-10D6-421C-AEE1-348460EBDD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2239F826-AAFA-4354-9BED-2C33AEF983D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0275E2F5-30EF-4D0D-A0CC-BFEB0B97E378", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow 
remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726." }, { "lang": "es", "value": "Cisco FireSIGHT System Software 5.4.0 hasta la versi\u00f3n 6.0.1 y ASA con FirePOWER Services 5.4.0 hasta la versi\u00f3n 6.0.0.1 permiten a atacantes remotos eludir la protecci\u00f3n de malware a trav\u00e9s de campos manipulados en cabeceras HTTP, tambi\u00e9n conocida como Bug ID CSCux22726." } ], "id": "CVE-2016-1345", "lastModified": "2024-11-21T02:46:13.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-01T00:59:00.113", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035437" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035438" }, { "source": "ykramarz@cisco.com", "url": 
"http://www.securitytracker.com/id/1035439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035439" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2017-6735
Vulnerability from fkie_nvd
Published
2017-07-10 20:29
Modified
2024-11-21 03:30
Severity ?
Summary
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/99460 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1038826 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99460 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038826 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.2.0 | |
cisco | firesight_system_software | 6.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A67A5C44-A26D-44A3-9674-92657FBA0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFBDE0A2-5ECA-4287-8A70-235C1E17FA68", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1." }, { "lang": "es", "value": "Una vulnerabilidad en la funcionalidad backup y restore de Cisco FireSIGHT System Software, podr\u00eda permitir a un atacante local autenticado ejecutar c\u00f3digo arbitrario en un sistema destino. M\u00e1s informaci\u00f3n: CSCvc91092. Versiones afectadas conocidas: 6.2.0 y 6.2.1." 
} ], "id": "CVE-2017-6735", "lastModified": "2024-11-21T03:30:24.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-10T20:29:00.783", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99460" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038826" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-FireSIGHT" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2015-6419
Vulnerability from fkie_nvd
Published
2015-12-12 16:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 4.10.3 | |
cisco | firesight_system_software | 5.2.0 | |
cisco | firesight_system_software | 5.3.0 | |
cisco | firesight_system_software | 5.3.1 | |
cisco | firesight_system_software | 5.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD6BDAC5-17DA-4937-8FC7-89FA830FC32F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410." }, { "lang": "es", "value": "Cisco FireSIGHT Management Center con software 4.10.3, 5.2.0, 5.3.0, 5.3.1 y 5.4.0 permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de una petici\u00f3n GET manipulada, tambi\u00e9n conocida como Bug ID CSCur25410." 
} ], "id": "CVE-2015-6419", "lastModified": "2024-11-21T02:34:57.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-12-12T16:59:02.993", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/79033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/79033" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2016-6460
Vulnerability from fkie_nvd
Published
2016-11-19 03:03
Modified
2024-11-21 02:56
Severity ?
Summary
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/94359 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94359 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.4.0.2 | |
cisco | firesight_system_software | 5.4.1.1 | |
cisco | firesight_system_software | 5.4.1.6 | |
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.1.0 | |
cisco | firesight_system_software | 6.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA2DD6D-8C76-445E-BC92-C162D6B95647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "17719ED0-2836-4466-A5D8-D6EA699B4C08", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A67A5C44-A26D-44A3-9674-92657FBA0513", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0." 
}, { "lang": "es", "value": "Una vulnerabilidad en el FTP Representational State Transfer Application Programming Interface (REST API) para Cisco Firepower System Software podr\u00eda permitir a un atacante remoto no autenticado, eludir las reglas de detecci\u00f3n de malware de FTP y descargar malware a trav\u00e9s de una conexi\u00f3n FTP. Cisco Firepower System Software est\u00e1 afectado cuando el dispositivo tiene una pol\u00edtica de archivo con bloqueo de malware configurado para conexiones FTP. M\u00e1s informaci\u00f3n: CSCuv36188 CSCuy91156. Lanzamientos conocidos afectados: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Lanzamientos conocidos solucionados: 6.0.0." } ], "id": "CVE-2016-6460", "lastModified": "2024-11-21T02:56:10.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-11-19T03:03:03.537", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94359" }, { 
"source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-04-23 02:00
Modified
2024-11-21 02:23
Severity ?
Summary
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.1 | |
cisco | firesight_system_software | 5.3.1.2 | |
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966." }, { "lang": "es", "value": "Vulnerabilidad de la redirecci\u00f3n abierta en Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, y 6.0.0 en FireSIGHT Management Center permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una cabecera HTTP manipulada, tambi\u00e9n conocido como Bug IDs CSCut06060, CSCut06056, y CSCus98966." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e", "id": "CVE-2015-0706", "lastModified": "2024-11-21T02:23:34.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-04-23T02:00:16.257", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-06-04 10:59
Modified
2024-11-21 02:23
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39171 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1032482 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39171 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032482 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en la interfaz web administrativa en el componente Management Center en Cisco FireSIGHT System Software 6.0.0 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de campos no especificados, tambi\u00e9n conocido como Bug IDs CSCus93566, CSCut31557, y CSCut47196." } ], "id": "CVE-2015-0766", "lastModified": "2024-11-21T02:23:40.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-06-04T10:59:06.863", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39171" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032482" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032482" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-16 05:59
Modified
2024-11-21 02:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1034689 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034689 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en el Management Center en Cisco FireSIGHT System Software 6.0.0 y 6.0.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, tambi\u00e9n conocida como Bug ID CSCux40414." 
} ], "id": "CVE-2016-1293", "lastModified": "2024-11-21T02:46:07.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-16T05:59:05.440", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034689" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-14 17:59
Modified
2024-11-21 02:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39879 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1032887 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39879 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032887 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.5 | |
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco FireSIGHT System Software 5.3.1.5 y 6.0.0 permiten a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a trav\u00e9s de URLs manipuladas, error conocido como Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697 y CSCuv22702." 
} ], "id": "CVE-2015-4270", "lastModified": "2024-11-21T02:30:44.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-07-14T17:59:05.337", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39879" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032887" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-16 05:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1034690 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034690 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el Management Center en Cisco FireSIGHT System Software 6.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una cookie manipulada, tambi\u00e9n conocida como Bug ID CSCuw89094." } ], "id": "CVE-2016-1294", "lastModified": "2024-11-21T02:46:07.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-16T05:59:06.473", 
"references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034690" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-14 00:59
Modified
2024-11-21 02:56
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/94805 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1037411 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94805 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037411 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.4.1.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "17719ED0-2836-4466-A5D8-D6EA699B4C08", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6." }, { "lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Firepower Management Center funcionando con el software FireSIGHT System puede permitir a un atacante remoto autenticado ver la Remote Storage Password. M\u00e1s informaci\u00f3n: CSCvb19366. Lanzamientos Afectados Conocidos: 5.4.1.6." } ], "id": "CVE-2016-6471", "lastModified": "2024-11-21T02:56:11.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, 
"impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-14T00:59:11.753", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94805" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037411" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-18 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.2.0 | |
cisco | firesight_system_software | 5.3.0 | |
cisco | firesight_system_software | 5.3.1.1 | |
cisco | firesight_system_software | 5.3.1.2 | |
cisco | firesight_system_software | 5.3.1.5 | |
cisco | firesight_system_software | 5.4.0 | |
cisco | firesight_system_software | 5.4.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444." 
}, { "lang": "es", "value": "La funcionalidad de actualizaci\u00f3n de reglas en Cisco FireSIGHT Management Center (MC) 5.2 hasta la versi\u00f3n 5.4.0.1 no verifica el certificado X.509 del servidor SSL support.sourcefire.com, lo que permite a atacantes man-in-the-middle suplantar \u00e9ste servidor y proveer un paquete invalido, y consecuentemente ejecutar c\u00f3digo arbitrario, a trav\u00e9s de un certificado manipulado, tambi\u00e9n conocida como Bug ID CSCuw06444." } ], "id": "CVE-2015-6357", "lastModified": "2024-11-21T02:34:50.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-18T11:59:01.387", "references": [ { "source": "ykramarz@cisco.com", "url": "http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html" }, { "source": "ykramarz@cisco.com", "url": "http://seclists.org/fulldisclosure/2015/Nov/79" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc" }, { "source": "ykramarz@cisco.com", "url": "http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/archive/1/536913/100/0/threaded" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2015/Nov/79" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536913/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034161" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-09-12 10:59
Modified
2024-11-21 02:56
Severity ?
Summary
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D68F137F-0C21-4426-A9AC-B9B00177F7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4874DD2C-25A3-4A5D-B27C-02C8D990868E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7317F08D-7EFC-4B62-80F7-FE576231A18E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7508F7DB-48D1-4193-ABED-DCA6C49B11B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF592298-E703-4B5F-988A-FA1C0E342A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "089D6811-105D-4ECA-8836-F46BD0C7EDE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "28E65D89-AFF5-47B7-91EE-2A40CB01A689", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "751A22BC-528B-4491-8BDE-F5E3DC024D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC7B8C63-652A-48CE-B13B-D01E53B3FC49", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C3E9B49-3332-4D5C-8E2E-4E3BEC0846C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "886ABEA0-A578-4239-9058-E51688D8027B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "758C985B-8BD7-48F0-99B3-AE06BAEB0EE8", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3F035955-83F7-4BAF-AA3D-3813C8AA4C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "5815516B-6CC1-4951-953B-4F6B438269E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "07C30E53-E9AE-4517-AC5C-EC5ED8668380", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482." }, { "lang": "es", "value": "Cisco Firepower Management Center en versiones anteriores a 6.1 y FireSIGHT System Software en versiones anteriores a 6.1, permite a atacantes remotos, cuando ciertas opciones de bloqueo de malware est\u00e1n habilitadas, eludir la detecci\u00f3n de malware a trav\u00e9s de campos manipulados en cabeceras HTTP, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz44482." 
} ], "id": "CVE-2016-6396", "lastModified": "2024-11-21T02:56:03.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-12T10:59:09.523", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/92826" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036756" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-05 17:59
Modified
2024-11-21 02:56
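Severity: CVSS 3.0 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); CVSS 2.0 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P), per the NVD metrics in the CVE-2016-6417 record below.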
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "4873587D-6F9C-46E2-87B7-ADD688533BC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C0E3DD9-6C10-4D5E-B0B2-E55A666CAAD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DD4E4F3-8BE4-4405-A3F3-D39B373E6B3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C1EE44C-7C18-41E5-B116-D8375306FF43", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6D002467-393F-4C80-AC59-BED0ECBDD7E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "CCEE74A5-1085-4AAF-A492-BAEC226CF7B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD6BDAC5-17DA-4937-8FC7-89FA830FC32F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "05553318-B493-4520-9D88-B8EF34162910", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA5BE4-8312-4831-9D38-3F4FCBFB837D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F46F0746-ADBA-4DE9-95D6-BC69611BC830", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A25D1B9C-FFEE-41EF-AC92-646D035DDE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D343B1D6-B4D6-40B8-A5CE-7A3C0D197C31", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "3BE3A605-A639-4D38-91A7-CD7549D9C97C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "3632502D-0569-4B7D-8942-515FCFE1062B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "31C9342A-5AD8-4DCE-8972-307740620CF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "D5B062C5-97CC-43A7-8419-0DB8BED36A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "78AE978B-C049-4BE3-87CD-486243C023BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D68F137F-0C21-4426-A9AC-B9B00177F7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4874DD2C-25A3-4A5D-B27C-02C8D990868E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7317F08D-7EFC-4B62-80F7-FE576231A18E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7508F7DB-48D1-4193-ABED-DCA6C49B11B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF592298-E703-4B5F-988A-FA1C0E342A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "089D6811-105D-4ECA-8836-F46BD0C7EDE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "28E65D89-AFF5-47B7-91EE-2A40CB01A689", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "751A22BC-528B-4491-8BDE-F5E3DC024D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC7B8C63-652A-48CE-B13B-D01E53B3FC49", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C3E9B49-3332-4D5C-8E2E-4E3BEC0846C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "886ABEA0-A578-4239-9058-E51688D8027B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "758C985B-8BD7-48F0-99B3-AE06BAEB0EE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3F035955-83F7-4BAF-AA3D-3813C8AA4C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "5815516B-6CC1-4951-953B-4F6B438269E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "07C30E53-E9AE-4517-AC5C-EC5ED8668380", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636." 
}, { "lang": "es", "value": "Vulnerabilidad de CSRF en Cisco FireSIGHT System Software 4.10.2 hasta la versi\u00f3n 6.1.0 y Firepower Management Center permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva21636." } ], "id": "CVE-2016-6417", "lastModified": "2024-11-21T02:56:05.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-05T17:59:06.820", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/93199" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036918" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-06-12 10:59
Modified
2024-11-21 02:23
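Severity: CVSS 2.0 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N), per the NVD metrics in the CVE-2015-0737 record below; the record lists no CVSS 3.x score.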
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=38883 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1032518 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=38883 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032518 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Cisco FireSIGHT System Software 5.3.1.1 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un par\u00e1metro (1) GET o (2) POST manipulado, tambi\u00e9n conocida como Bug ID CSCuu11099." } ], "id": "CVE-2015-0737", "lastModified": "2024-11-21T02:23:37.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-06-12T10:59:00.243", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38883" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38883" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032518" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-07 06:29
Modified
2024-11-21 03:30
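Severity: CVSS 3.0 7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N); CVSS 2.0 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N), per the NVD metrics in the CVE-2017-6766 record below.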
Summary
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.4.0 | |
cisco | firesight_system_software | 5.4.1 | |
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.1.0 | |
cisco | firesight_system_software | 6.2.0 | |
cisco | firesight_system_software | 6.2.1 | |
cisco | firesight_system_software | 6.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A67A5C44-A26D-44A3-9674-92657FBA0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFBDE0A2-5ECA-4287-8A70-235C1E17FA68", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4153DE2F-B331-4FA6-B16D-3C2D975FD887", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. 
A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652." }, { "lang": "es", "value": "Una vulnerabilidad en la funcionalidad Secure Sockets Layer (SSL) Decryption and Inspection de Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1 y 6.2.2 podr\u00eda permitir que un atacante remoto sin autenticar eluda la pol\u00edtica SSL para descifrar e inspeccionar tr\u00e1fico en un sistema afectado. La vulnerabilidad se debe a una interacci\u00f3n inesperada con las opciones de configuraci\u00f3n Known Key y Decrypt and Resign de las pol\u00edticas SSL cuando el software afectado recibe cabeceras de paquetes SSL inesperadas. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete SSL manipulado a trav\u00e9s de un dispositivo afectado en una sesi\u00f3n SSL v\u00e1lida. Si se explota esta vulnerabilidad con \u00e9xito, el atacante podr\u00eda eludir la pol\u00edtica de descifrado e inspecci\u00f3n SSL para el sistema afectado, lo que podr\u00eda permitir que el tr\u00e1fico fluyese a trav\u00e9s del sistema sin ser inspeccionado. Cisco Bug IDs: CSCve12652." 
} ], "id": "CVE-2017-6766", "lastModified": "2024-11-21T03:30:28.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-07T06:29:00.730", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve12652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": 
"ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-31 04:59
Modified
2024-11-21 02:34
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.4.1.3 | |
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Cisco FireSight Management Center (MC) 5.4.1.3 y 6.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, tambi\u00e9n conocido como Bug ID CSCuv73338." 
} ], "id": "CVE-2015-6354", "lastModified": "2024-11-21T02:34:50.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-10-31T04:59:06.663", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034041" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.0.0.1 | |
cisco | firesight_system_software | 6.0.1 | |
cisco | firesight_system_software | 6.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238." }, { "lang": "es", "value": "Cisco Firepower System Software 6.0.0 hasta la versi\u00f3n 6.1.0 tiene una cuenta codificada, lo que permite a atacantes remotos obtener acceso CLI aprovechando el conocimiento de la contrase\u00f1a, tambi\u00e9n conocido como Bug ID CSCuz56238." 
} ], "id": "CVE-2016-1394", "lastModified": "2024-11-21T02:46:21.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-03T01:59:02.860", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/91503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91503" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" }, { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-14 00:59
Modified
2024-11-26 16:09
Severity ?
Summary
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/94801 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1037421 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94801 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037421 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.0.0.0 | |
cisco | firesight_system_software | 6.0.0.1 | |
cisco | firesight_system_software | 6.0.1 | |
cisco | firesight_system_software | 6.0.1.1 | |
cisco | firesight_system_software | 6.1.0 | |
cisco | secure_firewall_management_center | 6.0.0 | |
cisco | secure_firewall_management_center | 6.0.0.0 | |
cisco | secure_firewall_management_center | 6.0.0.1 | |
cisco | secure_firewall_management_center | 6.0.1 | |
cisco | secure_firewall_management_center | 6.0.1.1 | |
cisco | secure_firewall_management_center | 6.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB492B2E-2CE6-4D29-9D82-D40A2B9508B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B764E48A-C748-4451-8E81-DD8B62B4BA9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E4035-E8E2-4964-A6F4-7292E1804E91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF40DB44-C213-466E-B473-B07B30A42B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6FD6283-CC58-4864-AA24-F6C6DDE630FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D1AFAC1-419D-4ADB-868B-1544BED58B7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D4EB1FD-690B-4F8C-A559-BC76CA5FDEFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"6614ED6C-E77E-4C0D-AA96-0BEE84BE2F94", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0." }, { "lang": "es", "value": "Una vulnerabilidad en las caracter\u00edsticas de detecci\u00f3n y bloqueo de archivos maliciosos de Cisco Firepower Management Center y Cisco FireSIGHT System Software podr\u00eda permitir a un atacante remoto no autenticado eludir los mecanismos de detecci\u00f3n de malware en un dispositivo afectado. Productos Afectados: Cisco Firepower Management Center y FireSIGHT System Software son afectados cuando est\u00e1n configurados para utilizar una pol\u00edtica de archivos con la acci\u00f3n Block Malware. M\u00e1s Informaci\u00f3n: CSCvb27494. Lanzamientos Afectados Conocidos: 6.0.1.1 6.1.0." 
} ], "id": "CVE-2016-9193", "lastModified": "2024-11-26T16:09:02.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-14T00:59:16.973", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94801" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037421" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-18 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.0 | |
cisco | firesight_system_software | 5.3.0.1 | |
cisco | firesight_system_software | 5.3.0.2 | |
cisco | firesight_system_software | 5.3.1 | |
cisco | firesight_system_software | 5.3.1.1 | |
cisco | firesight_system_software | 5.3.1.2 | |
cisco | firesight_system_software | 5.3.1.3 | |
cisco | firesight_system_software | 5.3.1.4 | |
cisco | firesight_system_software | 5.3.1.5 | |
cisco | firesight_system_software | 5.3.1.7 | |
cisco | firesight_system_software | 5.4.0 | |
cisco | firesight_system_software | 5.4.0.1 | |
cisco | firesight_system_software | 5.4.0.4 | |
cisco | firesight_system_software | 5.4.1 | |
cisco | firesight_system_software | 5.4.1.2 | |
cisco | firesight_system_software | 5.4.1.3 | |
cisco | firesight_system_software | 5.4.1.4 | |
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.0.0.1 | |
cisco | firesight_system_software | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437." }, { "lang": "es", "value": "Cisco FireSIGHT Management Center permite a atacantes remotos eludir la funcionalidad de detecci\u00f3n de ataques HTTP y evitar desencadenar las reglas del IDS Snort a trav\u00e9s de una sesi\u00f3n SSL que no es manejada adecuadamente despu\u00e9s del desencritado, tambi\u00e9n conocido como Bug ID CSCux53437." 
} ], "id": "CVE-2015-6427", "lastModified": "2024-11-21T02:34:58.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-12-18T11:59:02.793", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034488" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-31 04:59
Modified
2024-11-21 02:34
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.5 | |
cisco | firesight_system_software | 5.4.0 | |
cisco | firesight_system_software | 5.4.0.1 | |
cisco | firesight_system_software | 5.4.0.4 | |
cisco | firesight_system_software | 5.4.1 | |
cisco | firesight_system_software | 5.4.1.2 | |
cisco | firesight_system_software | 5.4.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Cisco FireSight Management Center (MC) 5.3.1.5 y 5.4.x hasta la versi\u00f3n 5.4.1.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, tambi\u00e9n conocido como Bug ID CSCuu28922." 
} ], "id": "CVE-2015-6353", "lastModified": "2024-11-21T02:34:50.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-10-31T04:59:05.757", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034040" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-08 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39643 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1032806 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39643 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032806 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.4.1.2 | |
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en Cisco FireSIGHT System Software 5.4.1.2 y 6.0.0 en FireSIGHT Management Center permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCuu94721." } ], "id": "CVE-2015-4242", "lastModified": "2024-11-21T02:30:42.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-07-08T14:59:02.940", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39643" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032806" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032806" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-19 02:00
Modified
2024-11-21 02:23
Severity ?
Summary
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=38905 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securityfocus.com/bid/74709 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1032359 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=38905 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74709 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032359 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:sourcefire_3d1000_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7A066EF-EAD4-44D1-AB1E-BB7629E82696", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d2000_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D6EB6E8-B0BB-4892-9E64-AD93F99421E4", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d2100_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB00143A-C300-445C-83A8-5F7ABFDA3498", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d2500_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF02BCE6-681E-4C3D-B71A-2F5F5F1076DB", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d3500_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E3F75C-69F7-42D3-A894-1F741CF709B5", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d4500_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "873539C5-BCB6-426E-B0FA-AF006E533125", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d500_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B0EF103-6C18-4B4F-8F1C-9E3D9C518FDF", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d6500_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDDEB665-DEE2-4707-92CD-32E0C2F5BCD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:sourcefire_3d9900_sensor:-:*:*:*:*:*:*:*", "matchCriteriaId": "0188534F-6DF6-436E-A774-E864D87C90C8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller 
(BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938." }, { "lang": "es", "value": "La implementaci\u00f3n Lights-Out Management (LOM) en Cisco FireSIGHT System Software 5.3.0 en los dispositivos Sourcefire 3D Sensor permite a usuarios remotos autenticados realizar subidas arbitrarias de ficheros de Baseboard Management Controller (BMC) a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCus87938." } ], "id": "CVE-2015-0739", "lastModified": "2024-11-21T02:23:37.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-05-19T02:00:18.917", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38905" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74709" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1032359" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-09-12 10:59
Modified
2024-11-21 02:56
Severity: 5.4 MEDIUM (CVSS 3.0); 3.5 LOW (CVSS 2.0)
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D68F137F-0C21-4426-A9AC-B9B00177F7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4874DD2C-25A3-4A5D-B27C-02C8D990868E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7317F08D-7EFC-4B62-80F7-FE576231A18E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7508F7DB-48D1-4193-ABED-DCA6C49B11B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF592298-E703-4B5F-988A-FA1C0E342A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "089D6811-105D-4ECA-8836-F46BD0C7EDE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "28E65D89-AFF5-47B7-91EE-2A40CB01A689", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "751A22BC-528B-4491-8BDE-F5E3DC024D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC7B8C63-652A-48CE-B13B-D01E53B3FC49", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C3E9B49-3332-4D5C-8E2E-4E3BEC0846C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "886ABEA0-A578-4239-9058-E51688D8027B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "758C985B-8BD7-48F0-99B3-AE06BAEB0EE8", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3F035955-83F7-4BAF-AA3D-3813C8AA4C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "5815516B-6CC1-4951-953B-4F6B438269E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "07C30E53-E9AE-4517-AC5C-EC5ED8668380", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la interfaz de administraci\u00f3n basada en web en Cisco Firepower Management Center en versiones anteriores a 6.1 y FireSIGHT System Software en versiones anteriores a 6.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz58658." 
} ], "id": "CVE-2016-6395", "lastModified": "2024-11-21T02:56:02.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-12T10:59:08.227", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/92824" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036755" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-19 14:59
Modified
2024-11-21 02:30
Severity: 6.4 MEDIUM (CVSS 2.0)
Summary
The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=40432 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securityfocus.com/bid/76345 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1033279 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=40432 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76345 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033279 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390." }, { "lang": "es", "value": "Vulnerabilidad en la interfaz web en Cisco FireSIGHT Management Center 5.3.1.4, permite a atacantes remotos borrar pol\u00edticas de sistema arbitrarias a trav\u00e9s de par\u00e1metros en una petici\u00f3n POST, tambi\u00e9n conocida como Bug ID CSCuu25390." } ], "id": "CVE-2015-4302", "lastModified": "2024-11-21T02:30:48.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-19T14:59:01.767", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40432" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/76345" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/76345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033279" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-05-05 21:59
Modified
2024-11-21 02:46
Severity: 7.5 HIGH (CVSS 3.0); 7.8 HIGH (CVSS 2.0)
Summary
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.
References
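Impacted products (the CPE list in the record below also names 5.2.0.x, 5.3.0.7 and 5.3.1.x, which is wider than the version ranges given in the summary; check the vendor advisory before ruling a release in or out)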
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0AC980EC-5139-42A5-A054-B398CCF9471B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214." }, { "lang": "es", "value": "Cisco FirePOWER System Software 5.3.x hasta la versi\u00f3n 5.3.0.6 y 5.4.x hasta la versi\u00f3n 5.4.0.3 sobre dispositivos FirePOWER 7000 y 8000 y sobre el componente Advanced Malware Protection (AMP) for Networks sobre estos dispositivos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n de procesado de paquetes) a trav\u00e9s de paquetes manipulados, tambi\u00e9n conocido como Bug ID CSCuu86214." 
} ], "id": "CVE-2016-1368", "lastModified": "2024-11-21T02:46:16.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-05-05T21:59:00.470", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-03 22:59
Modified
2024-11-21 02:46
Severity: 3.7 LOW (CVSS 3.0); 4.3 MEDIUM (CVSS 2.0)
Summary
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | _6.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:_6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4135F96-89AC-4978-BCC7-91CC3F3C2430", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615." }, { "lang": "es", "value": "Cisco FireSIGHT System Software 6.1.0 no emplea un algoritmo de tiempo constante para la verificaci\u00f3n de credenciales, lo que hace m\u00e1s f\u00e1cil a atacantes remotos enumerar nombres de usuario v\u00e1lidos a trav\u00e9s de la medici\u00f3n de diferencias temporales, tambi\u00e9n conocido como Bug ID CSCuy41615." } ], "id": "CVE-2016-1356", "lastModified": "2024-11-21T02:46:14.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2016-03-03T22:59:13.333", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035189" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" }, { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-09-12 10:59
Modified
2024-11-21 02:56
Severity: 9.1 CRITICAL (CVSS 3.0); 5.8 MEDIUM (CVSS 2.0)
Summary
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E807F3A-A75F-43F6-8CFC-92200D0F0C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5025E5E-51CD-42B9-B81A-15B06BEBB514", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4023BBD2-FF31-402B-BBB2-DD143CF574EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1252AB9E-CF16-4721-BAD8-55B761303164", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB7B2163-041D-4975-8B00-A406F47EEB9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "55200C11-D3AB-4E4E-AE45-4D27AEDB23E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "CEEF2BDF-612C-4B37-8FE2-AD3191D417EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87359216-7FDC-4235-9DEC-6BAF04214FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5912CE-A631-4A16-84EE-E7B9864655D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11825DC6-C51C-49DA-9F60-BA60E2FBD2E8", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D75EF46F-C78B-4D96-AEDD-C66EC5A414D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E708B7E-F5AA-4DD8-90DD-76D107F2AC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "36FB1681-0566-4BC5-94A4-1D9AA58E222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA95F020-BD8E-4188-8ABF-7310300B1763", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1B9FBE0-7771-49C9-96D9-204B684AB693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "380900BB-4F03-4E76-A78C-DFB43669494F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5273EE5-40CA-48B5-8F60-823CDB75F3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Cisco Firepower Management Center y Cisco FireSIGHT System Software hasta la versi\u00f3n 6.1.0 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de un identificador de sesi\u00f3n, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz80503." } ], "id": "CVE-2016-6394", "lastModified": "2024-11-21T02:56:02.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" 
}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-12T10:59:07.287", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/92825" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036757" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-28 01:59
Modified
2024-11-21 02:46
Summary
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.0 | |
cisco | firesight_system_software | 5.3.1 | |
cisco | firesight_system_software | 5.4.0 | |
cisco | firesight_system_software | 6.0.0 | |
cisco | firesight_system_software | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737." }, { "lang": "es", "value": "Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0 y 6.0.1 permite a atacantes remotos eludir reglas Snort a trav\u00e9s de par\u00e1metros manipulados en la cabecera de un paquete HTTP, tambi\u00e9n conocido como Bug ID CSCuz20737." 
} ], "id": "CVE-2016-1463", "lastModified": "2024-11-21T02:46:29.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-28T01:59:43.760", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/92152" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036471" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-25 02:59
Modified
2024-11-21 02:34
Summary
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1033873 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033873 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.7 | |
cisco | firesight_system_software | 5.4.0.4 | |
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A476BF5E-1877-4B47-8E89-240910B49A16", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839." }, { "lang": "es", "value": "La implementaci\u00f3n de policy en Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4 y 6.0.0 para VMware permite a administradores remotos autenticados eludir las restricciones destinadas a policy y ejecutar comandos Linux como root a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como Bug ID CSCuw12839." 
} ], "id": "CVE-2015-6335", "lastModified": "2024-11-21T02:34:48.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-25T02:59:10.467", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033873" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-03 15:59
Modified
2024-11-21 02:46
Summary
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la UI de Device Management UI en la interfaz de gesti\u00f3n en Cisco FireSIGHT System Software 6.1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un valor manipulado, tambi\u00e9n conocida como Bug ID CSCuy41687." } ], "id": "CVE-2016-1355", "lastModified": "2024-11-21T02:46:14.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2016-03-03T15:59:01.743", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035188" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-06-12 10:59
Modified
2024-11-21 02:23
Summary
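Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
Note: the description names release 5.3.1.3, while the impacted-products table and the CPE match criteria in this record list 5.3.1.1 (alongside 6.0.0). When matching inventory against this entry, treat both releases as potentially affected and confirm against the vendor advisory listed under References.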
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39256 | Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1032542 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39256 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032542 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.1 | |
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user\u0027s dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078." }, { "lang": "es", "value": "Cisco FireSIGHT System Software 5.3.1.3 y 6.0.0 permite a usuarios remotos autenticados eliminar el panel de control de un usuarios arbitrario a trav\u00e9s de una solicitud de eliminaci\u00f3n VPN modificada en una sesi\u00f3n de gesti\u00f3n, tambi\u00e9n conocida como Bug ID CSCut67078." 
} ], "id": "CVE-2015-0773", "lastModified": "2024-11-21T02:23:41.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-06-12T10:59:02.587", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39256" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032542" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-05 10:59
Modified
2024-11-21 02:56
Summary
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 4.10.3 | |
cisco | firesight_system_software | 5.2.0 | |
cisco | firesight_system_software | 5.3.0 | |
cisco | firesight_system_software | 5.3.1 | |
cisco | firesight_system_software | 5.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:4.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD6BDAC5-17DA-4937-8FC7-89FA830FC32F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC4B09D-E3B2-40B2-8704-010EDF605675", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1049BCE-4A7B-4636-9090-17724D5AFBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF2B98-243F-4796-A98C-A978C4CCAD91", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467." }, { "lang": "es", "value": "Cisco FireSIGHT System Software 4.10.3 hasta la versi\u00f3n 5.4.0 en Firepower Management Center permite a usuarios remotos autenticados eludir comprobaciones de autorizaci\u00f3n y obtener privilegios a trav\u00e9s de una petici\u00f3n HTTP manipulada, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCur25467." 
} ], "id": "CVE-2016-6420", "lastModified": "2024-11-21T02:56:05.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-05T10:59:20.550", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/93204" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036919" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" }, { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-12 03:59
Modified
2024-11-21 02:34
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.4.1.4 | |
cisco | firesight_system_software | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en el web framework en Cisco FireSIGHT Management Center (MC) 5.4.1.4 y 6.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, tambi\u00e9n conocidas como Bug ID CSCuw88396." 
} ], "id": "CVE-2015-6363", "lastModified": "2024-11-21T02:34:51.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-11-12T03:59:01.293", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034138" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-09-24 01:59
Modified
2024-11-21 02:56
Summary
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585." }, { "lang": "es", "value": "Cisco Firepower Management Center y FireSIGHT System Software 6.0.1 maneja de forma incorrecta las comparaciones entre URLs y certificados X.509, lo que permite a atacantes remotos eludir configuraciones destinadas al no-descifrado a trav\u00e9s de una URL manipulada, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCva50585." } ], "id": "CVE-2016-6411", "lastModified": "2024-11-21T02:56:04.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-24T01:59:04.057", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036877" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-04-23 02:00
Modified
2024-11-21 02:23
Summary
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firesight_system_software | 5.3.1.1 | |
cisco | firesight_system_software | 6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Cisco FireSIGHT System Software 5.3.1.1 y 6.0.0 en FireSIGHT Management Center permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un par\u00e1metro no especificado, tambi\u00e9n conocido como Bug ID CSCus85425." 
} ], "id": "CVE-2015-0707", "lastModified": "2024-11-21T02:23:34.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-04-23T02:00:17.193", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38487" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }