cvelistv5 - CVE-2016-6460

CVE-2016-6460 (GCVE-0-2016-6460)

Vulnerability from cvelistv5 – Published: 2016-11-19 02:45 – Updated: 2024-08-06 01:29

Summary

Severity ?

No CVSS data available.

CWE

unspecified

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/94359	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Firepower System Software 5.4.0.2 through 6.2.0	Affected: Cisco Firepower System Software 5.4.0.2 through 6.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94359",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower System Software 5.4.0.2 through 6.2.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower System Software 5.4.0.2 through 6.2.0"
            }
          ]
        }
      ],
      "datePublic": "2016-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "94359",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower System Software 5.4.0.2 through 6.2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower System Software 5.4.0.2 through 6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94359",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94359"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6460",
    "datePublished": "2016-11-19T02:45:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2424A93-0C9D-4839-9773-EBFD143F6240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DA2DD6D-8C76-445E-BC92-C162D6B95647\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17719ED0-2836-4466-A5D8-D6EA699B4C08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55D52DB0-4441-41C9-900E-DE917B0CBC91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"362E320D-70E9-4B51-9298-ADF612FD440F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A67A5C44-A26D-44A3-9674-92657FBA0513\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el FTP Representational State Transfer Application Programming Interface (REST API) para Cisco Firepower System Software podr\\u00eda permitir a un atacante remoto no autenticado, eludir las reglas de detecci\\u00f3n de malware de FTP y descargar malware a trav\\u00e9s de una conexi\\u00f3n FTP. Cisco Firepower System Software est\\u00e1 afectado cuando el dispositivo tiene una pol\\u00edtica de archivo con bloqueo de malware configurado para conexiones FTP. M\\u00e1s informaci\\u00f3n: CSCuv36188 CSCuy91156. Lanzamientos conocidos afectados: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Lanzamientos conocidos solucionados: 6.0.0.\"}]",
      "id": "CVE-2016-6460",
      "lastModified": "2024-11-21T02:56:10.513",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-11-19T03:03:03.537",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/94359\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94359\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-254\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6460\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-11-19T03:03:03.537\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el FTP Representational State Transfer Application Programming Interface (REST API) para Cisco Firepower System Software podr\u00eda permitir a un atacante remoto no autenticado, eludir las reglas de detecci\u00f3n de malware de FTP y descargar malware a trav\u00e9s de una conexi\u00f3n FTP. Cisco Firepower System Software est\u00e1 afectado cuando el dispositivo tiene una pol\u00edtica de archivo con bloqueo de malware configurado para conexiones FTP. M\u00e1s informaci\u00f3n: CSCuv36188 CSCuy91156. Lanzamientos conocidos afectados: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Lanzamientos conocidos solucionados: 6.0.0.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-254\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2424A93-0C9D-4839-9773-EBFD143F6240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA2DD6D-8C76-445E-BC92-C162D6B95647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17719ED0-2836-4466-A5D8-D6EA699B4C08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D52DB0-4441-41C9-900E-DE917B0CBC91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"362E320D-70E9-4B51-9298-ADF612FD440F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67A5C44-A26D-44A3-9674-92657FBA0513\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94359\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94359\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2016-6460

Vulnerability from fkie_nvd - Published: 2016-11-19 03:03 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/94359	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94359	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	firesight_system_software	5.4.0.2
cisco	firesight_system_software	5.4.1.1
cisco	firesight_system_software	5.4.1.6
cisco	firesight_system_software	6.0.0
cisco	firesight_system_software	6.1.0
cisco	firesight_system_software	6.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA2DD6D-8C76-445E-BC92-C162D6B95647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "17719ED0-2836-4466-A5D8-D6EA699B4C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "362E320D-70E9-4B51-9298-ADF612FD440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67A5C44-A26D-44A3-9674-92657FBA0513",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el FTP Representational State Transfer Application Programming Interface (REST API) para Cisco Firepower System Software podr\u00eda permitir a un atacante remoto no autenticado, eludir las reglas de detecci\u00f3n de malware de FTP y descargar malware a trav\u00e9s de una conexi\u00f3n FTP. Cisco Firepower System Software est\u00e1 afectado cuando el dispositivo tiene una pol\u00edtica de archivo con bloqueo de malware configurado para conexiones FTP. M\u00e1s informaci\u00f3n: CSCuv36188 CSCuy91156. Lanzamientos conocidos afectados: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Lanzamientos conocidos solucionados: 6.0.0."
    }
  ],
  "id": "CVE-2016-6460",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-19T03:03:03.537",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94359"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-6460

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6460

Aliases

CVE-2016-6460

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6460",
    "description": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.",
    "id": "GSD-2016-6460"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6460"
      ],
      "details": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.",
      "id": "GSD-2016-6460",
      "modified": "2023-12-13T01:21:23.728024Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6460",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Firepower System Software 5.4.0.2 through 6.2.0",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Firepower System Software 5.4.0.2 through 6.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "94359",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94359"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6460"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-254"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
            },
            {
              "name": "94359",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94359"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-12-06T17:45Z",
      "publishedDate": "2016-11-19T03:03Z"
    }
  }
}

VAR-201611-0169

Vulnerability from variot - Updated: 2023-12-18 13:48

A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0. Cisco Firepower System Software is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug IDs CSCuv36188 and CSCuy91156

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0169",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "5.4.1.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "5.4.1.6"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.0.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.1.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.2.0"
      },
      {
        "model": "firepower system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "94359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "94359"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6460",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6460",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-95280",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6460",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6460",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-445",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95280",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0. Cisco Firepower System Software is prone to a remote security-bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. \nThis issue is being tracked by Cisco Bug IDs CSCuv36188 and CSCuy91156",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "db": "BID",
        "id": "94359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95280"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6460",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "94359",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95280",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95280"
      },
      {
        "db": "BID",
        "id": "94359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ]
  },
  "id": "VAR-201611-0169",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95280"
      }
    ],
    "trust": 0.6369458
  },
  "last_update_date": "2023-12-18T13:48:42.372000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161116-fss",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161116-fss"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-16",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161116-fss"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/94359"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6460"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6460"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95280"
      },
      {
        "db": "BID",
        "id": "94359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95280"
      },
      {
        "db": "BID",
        "id": "94359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95280"
      },
      {
        "date": "2016-11-16T00:00:00",
        "db": "BID",
        "id": "94359"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "date": "2016-11-19T03:03:03.537000",
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95280"
      },
      {
        "date": "2016-11-24T01:11:00",
        "db": "BID",
        "id": "94359"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      },
      {
        "date": "2016-12-06T17:45:32.907000",
        "db": "NVD",
        "id": "CVE-2016-6460"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Firepower System Software  FTP REST API In FTP Vulnerabilities that bypass malware detection rules",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005911"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "configuration error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-445"
      }
    ],
    "trust": 0.6
  }
}

GHSA-WX73-XMW3-898P

Vulnerability from github – Published: 2022-05-17 03:28 – Updated: 2022-05-17 03:28

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6460"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-19T03:03:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.",
  "id": "GHSA-wx73-xmw3-898p",
  "modified": "2022-05-17T03:28:58Z",
  "published": "2022-05-17T03:28:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6460"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94359"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-11329

Vulnerability from cnvd - Published: 2016-11-21

Title

Cisco Firepower System Software安全绕过漏洞（CNVD-2016-11329）

Description

Cisco Firepower System Software是美国思科（Cisco）公司的一款下一代防火墙产品（NGFW）。 Cisco Firepower System Software存在安全绕过漏洞，攻击者可以利用该漏洞绕过安全限制并执行未经授权的操作。

Severity

中

Patch Name

Cisco Firepower System Software安全绕过漏洞（CNVD-2016-11329）的补丁

Patch Description

Cisco Firepower System Software是美国思科（Cisco）公司的一款下一代防火墙产品（NGFW）。 Cisco Firepower System Software存在安全绕过漏洞，攻击者可以利用该漏洞绕过安全限制并执行未经授权的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss

Reference

http://www.securityfocus.com/bid/94359 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss

Impacted products

Name
Cisco Firepower System Software

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94359"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6460"
    }
  },
  "description": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11329",
  "openTime": "2016-11-21",
  "patchDescription": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Firepower System Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-11329\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Firepower System Software"
  },
  "referenceLink": "http://www.securityfocus.com/bid/94359\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-17",
  "title": "Cisco Firepower System Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-11329\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6460 (GCVE-0-2016-6460)

FKIE_CVE-2016-6460

GSD-2016-6460

VAR-201611-0169

GHSA-WX73-XMW3-898P

CNVD-2016-11329

Tags

Sightings

Nomenclature