cnvd - cnvd-2015-08488

CNVD-2015-08488

Vulnerability from cnvd - Published: 2015-12-28

Title

Cisco FireSIGHT Management Center安全机制绕过漏洞

Description

Cisco FireSIGHT Management Center是美国思科（Cisco）公司的一套支持集中管理采用FirePOWER Services的Cisco ASA和思科FirePOWER网络安全设备的网络安全和运行功能的管理中心软件。 Cisco FireSIGHT Management Center存在安全机制绕过漏洞。允许远程攻击者通过解密后受到粗暴的对待SSL会话通过HTTP攻击检测功能和避免触发Snort IDS规则。

Severity

中

Formal description

目前没有详细解决方案提供： http://www.cisco.com/

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm

Impacted products

Name
Cisco FireSIGHT Management Center

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6427"
    }
  },
  "description": "Cisco FireSIGHT Management Center\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u652f\u6301\u96c6\u4e2d\u7ba1\u7406\u91c7\u7528FirePOWER Services\u7684Cisco ASA\u548c\u601d\u79d1FirePOWER\u7f51\u7edc\u5b89\u5168\u8bbe\u5907\u7684\u7f51\u7edc\u5b89\u5168\u548c\u8fd0\u884c\u529f\u80fd\u7684\u7ba1\u7406\u4e2d\u5fc3\u8f6f\u4ef6\u3002\r\n\r\nCisco FireSIGHT Management Center\u5b58\u5728\u5b89\u5168\u673a\u5236\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u89e3\u5bc6\u540e\u53d7\u5230\u7c97\u66b4\u7684\u5bf9\u5f85SSL\u4f1a\u8bdd\u901a\u8fc7HTTP\u653b\u51fb\u68c0\u6d4b\u529f\u80fd\u548c\u907f\u514d\u89e6\u53d1Snort IDS\u89c4\u5219\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.cisco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08488",
  "openTime": "2015-12-28",
  "products": {
    "product": "Cisco FireSIGHT Management Center"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm",
  "serverity": "\u4e2d",
  "submitTime": "2015-12-25",
  "title": "Cisco FireSIGHT Management Center\u5b89\u5168\u673a\u5236\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2015-6427 (GCVE-0-2015-6427)

Vulnerability from cvelistv5 – Published: 2015-12-18 11:00 – Updated: 2024-08-06 07:22

Summary

Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1034488	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:21.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034488",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034488"
          },
          {
            "name": "20151217 Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1034488",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034488"
        },
        {
          "name": "20151217 Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034488",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034488"
            },
            {
              "name": "20151217 Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6427",
    "datePublished": "2015-12-18T11:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:21.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-08488

CVE-2015-6427 (GCVE-0-2015-6427)

Tags

Sightings

Nomenclature