cvelistv5 - cve-2016-1345

CVE-2016-1345 (GCVE-0-2016-1345)

Vulnerability from cvelistv5 – Published: 2016-04-01 00:00 – Updated: 2024-08-05 22:55

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1035437	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1035439	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1035438	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035437",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035437"
          },
          {
            "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
          },
          {
            "name": "1035439",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035439"
          },
          {
            "name": "1035438",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035438"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1035437",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035437"
        },
        {
          "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
        },
        {
          "name": "1035439",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035439"
        },
        {
          "name": "1035438",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035438"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035437",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035437"
            },
            {
              "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
            },
            {
              "name": "1035439",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035439"
            },
            {
              "name": "1035438",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035438"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1345",
    "datePublished": "2016-04-01T00:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8C72F82-238A-496E-9B01-F545889DE972\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AB63124-15FC-434A-9BC3-B8072BB74DD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FC9D5C8-A2F7-4A4D-9672-BA92D3F70299\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3162DAB2-0866-4427-9B6D-58B025DFD0F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C51E5901-A395-4208-B642-4DD23A6B63A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B6488E2-4B6A-4C93-A9CF-AA32013A1605\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08314129-10D6-421C-AEE1-348460EBDD0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2239F826-AAFA-4354-9BED-2C33AEF983D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0275E2F5-30EF-4D0D-A0CC-BFEB0B97E378\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EB13B96-D431-49BD-ADAB-9AE5DB559935\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79AECC9E-657F-4BFF-B640-B96CD1384647\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2424A93-0C9D-4839-9773-EBFD143F6240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C27E220F-160C-4706-9516-27889F7B37E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CB0484C-F0B7-4349-856E-194E97A7F8A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FD5721D-8F28-4A7C-B2BE-97CE796B208A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85DEC2B7-2142-4959-817F-2F9B3AA82660\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7DC251B-1CA8-4232-A900-885933E01FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD0DF530-4865-45A1-87CA-6ED6026A56A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7335266F-B16F-4EFB-B1D2-1F61B3EBB437\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13BF9C6F-B511-444B-B6B7-960DF8758964\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55D52DB0-4441-41C9-900E-DE917B0CBC91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D032900-6B00-4F4D-A2F7-6119F113675F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC5565FE-174C-41C7-9462-9138BB31507D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.\"}, {\"lang\": \"es\", \"value\": \"Cisco FireSIGHT System Software 5.4.0 hasta la versi\\u00f3n 6.0.1 y ASA con FirePOWER Services 5.4.0 hasta la versi\\u00f3n 6.0.0.1 permiten a atacantes remotos eludir la protecci\\u00f3n de malware a trav\\u00e9s de campos manipulados en cabeceras HTTP, tambi\\u00e9n conocida como Bug ID CSCux22726.\"}]",
      "id": "CVE-2016-1345",
      "lastModified": "2024-11-21T02:46:13.527",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
      "published": "2016-04-01T00:59:00.113",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1035437\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1035438\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1035439\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1035437\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035438\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035439\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1345\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-04-01T00:59:00.113\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.\"},{\"lang\":\"es\",\"value\":\"Cisco FireSIGHT System Software 5.4.0 hasta la versi\u00f3n 6.0.1 y ASA con FirePOWER Services 5.4.0 hasta la versi\u00f3n 6.0.0.1 permiten a atacantes remotos eludir la protecci\u00f3n de malware a trav\u00e9s de campos manipulados en cabeceras HTTP, tambi\u00e9n conocida como Bug ID CSCux22726.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8C72F82-238A-496E-9B01-F545889DE972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AB63124-15FC-434A-9BC3-B8072BB74DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FC9D5C8-A2F7-4A4D-9672-BA92D3F70299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3162DAB2-0866-4427-9B6D-58B025DFD0F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C51E5901-A395-4208-B642-4DD23A6B63A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B6488E2-4B6A-4C93-A9CF-AA32013A1605\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08314129-10D6-421C-AEE1-348460EBDD0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2239F826-AAFA-4354-9BED-2C33AEF983D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0275E2F5-30EF-4D0D-A0CC-BFEB0B97E378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EB13B96-D431-49BD-ADAB-9AE5DB559935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79AECC9E-657F-4BFF-B640-B96CD1384647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2424A93-0C9D-4839-9773-EBFD143F6240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C27E220F-160C-4706-9516-27889F7B37E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CB0484C-F0B7-4349-856E-194E97A7F8A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD5721D-8F28-4A7C-B2BE-97CE796B208A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DEC2B7-2142-4959-817F-2F9B3AA82660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7DC251B-1CA8-4232-A900-885933E01FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD0DF530-4865-45A1-87CA-6ED6026A56A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7335266F-B16F-4EFB-B1D2-1F61B3EBB437\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13BF9C6F-B511-444B-B6B7-960DF8758964\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D52DB0-4441-41C9-900E-DE917B0CBC91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D032900-6B00-4F4D-A2F7-6119F113675F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC5565FE-174C-41C7-9462-9138BB31507D\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1035437\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1035438\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1035439\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1035437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2016-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Appliances Sourcefire 3D System
Cisco	N/A	Cisco Virtual Next-Generation Intrusion Prevention System (NGIPSv) pour VMware
Cisco	N/A	Cisco Appliances FirePOWER séries 8000
Cisco	N/A	Snort versions antérieures à 2.9.8.2
Cisco	Firepower Threat Defense	Cisco FirePOWER Threat Defense pour routeurs supportant le modèle IntServ (ISRs)
Cisco	N/A	Cisco Next Generation Intrusion Prevention System (NGIPS) pour Blue Coat X-Series
Cisco	N/A	Dans les produits sus-cités, sont vulnérables ceux qui exécutent Cisco Firepower System Software, versions antérieures à 5.4.0.7, 5.4.1.6, ou 6.0.1
Cisco	N/A	Cisco Advanced Malware Protection (AMP) pour réseaux, Appliances séries 8000
Cisco	Adaptive Security Appliance	Cisco Adaptive Security Appliance (ASA) séries 5500-X avec les services FirePOWER
Cisco	Unified Communications	Cisco Unified Communications Domain Manager version 8.1(1)
Cisco	N/A	Cisco Appliances FirePOWER séries 7000
Cisco	N/A	Cisco Advanced Malware Protection (AMP) pour réseaux, Appliances séries 7000

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160328-ucdm du 28 mars 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160330-fp du 30 mars 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160330-fp du 30 mars 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160328-ucdm du 28 mars 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Appliances Sourcefire 3D System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtual Next-Generation Intrusion Prevention System (NGIPSv) pour VMware",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Appliances FirePOWER s\u00e9ries 8000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Snort versions ant\u00e9rieures \u00e0 2.9.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER Threat Defense pour routeurs supportant le mod\u00e8le IntServ (ISRs)",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Next Generation Intrusion Prevention System (NGIPS) pour Blue Coat X-Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Dans les produits sus-cit\u00e9s, sont vuln\u00e9rables ceux qui ex\u00e9cutent Cisco Firepower System Software, versions ant\u00e9rieures \u00e0 5.4.0.7, 5.4.1.6, ou 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Advanced Malware Protection (AMP) pour r\u00e9seaux, Appliances s\u00e9ries 8000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Appliance (ASA) s\u00e9ries 5500-X avec les services FirePOWER",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Domain Manager version 8.1(1)",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Appliances FirePOWER s\u00e9ries 7000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Advanced Malware Protection (AMP) pour r\u00e9seaux, Appliances s\u00e9ries 7000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1314"
    },
    {
      "name": "CVE-2016-1345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1345"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160330-fp du 30 mars    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160328-ucdm du 28    mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm"
    }
  ],
  "reference": "CERTFR-2016-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160328-ucdm du 28 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160330-fp du 30 mars 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Appliances Sourcefire 3D System
Cisco	N/A	Cisco Virtual Next-Generation Intrusion Prevention System (NGIPSv) pour VMware
Cisco	N/A	Cisco Appliances FirePOWER séries 8000
Cisco	N/A	Snort versions antérieures à 2.9.8.2
Cisco	Firepower Threat Defense	Cisco FirePOWER Threat Defense pour routeurs supportant le modèle IntServ (ISRs)
Cisco	N/A	Cisco Next Generation Intrusion Prevention System (NGIPS) pour Blue Coat X-Series
Cisco	N/A	Dans les produits sus-cités, sont vulnérables ceux qui exécutent Cisco Firepower System Software, versions antérieures à 5.4.0.7, 5.4.1.6, ou 6.0.1
Cisco	N/A	Cisco Advanced Malware Protection (AMP) pour réseaux, Appliances séries 8000
Cisco	Adaptive Security Appliance	Cisco Adaptive Security Appliance (ASA) séries 5500-X avec les services FirePOWER
Cisco	Unified Communications	Cisco Unified Communications Domain Manager version 8.1(1)
Cisco	N/A	Cisco Appliances FirePOWER séries 7000
Cisco	N/A	Cisco Advanced Malware Protection (AMP) pour réseaux, Appliances séries 7000

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160328-ucdm du 28 mars 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160330-fp du 30 mars 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160330-fp du 30 mars 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160328-ucdm du 28 mars 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Appliances Sourcefire 3D System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtual Next-Generation Intrusion Prevention System (NGIPSv) pour VMware",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Appliances FirePOWER s\u00e9ries 8000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Snort versions ant\u00e9rieures \u00e0 2.9.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER Threat Defense pour routeurs supportant le mod\u00e8le IntServ (ISRs)",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Next Generation Intrusion Prevention System (NGIPS) pour Blue Coat X-Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Dans les produits sus-cit\u00e9s, sont vuln\u00e9rables ceux qui ex\u00e9cutent Cisco Firepower System Software, versions ant\u00e9rieures \u00e0 5.4.0.7, 5.4.1.6, ou 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Advanced Malware Protection (AMP) pour r\u00e9seaux, Appliances s\u00e9ries 8000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Appliance (ASA) s\u00e9ries 5500-X avec les services FirePOWER",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Domain Manager version 8.1(1)",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Appliances FirePOWER s\u00e9ries 7000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Advanced Malware Protection (AMP) pour r\u00e9seaux, Appliances s\u00e9ries 7000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1314"
    },
    {
      "name": "CVE-2016-1345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1345"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160330-fp du 30 mars    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160328-ucdm du 28    mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm"
    }
  ],
  "reference": "CERTFR-2016-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160328-ucdm du 28 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160330-fp du 30 mars 2016",
      "url": null
    }
  ]
}

FKIE_CVE-2016-1345

Vulnerability from fkie_nvd - Published: 2016-04-01 00:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1035437
psirt@cisco.com	http://www.securitytracker.com/id/1035438
psirt@cisco.com	http://www.securitytracker.com/id/1035439
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035437
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035438
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035439

Impacted products

Vendor	Product	Version
cisco	asa_with_firepower_services	5.4.0
cisco	asa_with_firepower_services	5.4.0.1
cisco	asa_with_firepower_services	5.4.0.2
cisco	asa_with_firepower_services	5.4.0.3
cisco	asa_with_firepower_services	5.4.0.4
cisco	asa_with_firepower_services	5.4.0.5
cisco	asa_with_firepower_services	5.4.0.6
cisco	asa_with_firepower_services	6.0.0
cisco	asa_with_firepower_services	6.0.0.1
cisco	firesight_system_software	5.4.0
cisco	firesight_system_software	5.4.0.1
cisco	firesight_system_software	5.4.0.2
cisco	firesight_system_software	5.4.0.3
cisco	firesight_system_software	5.4.0.4
cisco	firesight_system_software	5.4.0.5
cisco	firesight_system_software	5.4.0.6
cisco	firesight_system_software	5.4.1
cisco	firesight_system_software	5.4.1.2
cisco	firesight_system_software	5.4.1.3
cisco	firesight_system_software	5.4.1.4
cisco	firesight_system_software	6.0.0
cisco	firesight_system_software	6.0.0.1
cisco	firesight_system_software	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C72F82-238A-496E-9B01-F545889DE972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB63124-15FC-434A-9BC3-B8072BB74DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FC9D5C8-A2F7-4A4D-9672-BA92D3F70299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3162DAB2-0866-4427-9B6D-58B025DFD0F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51E5901-A395-4208-B642-4DD23A6B63A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B6488E2-4B6A-4C93-A9CF-AA32013A1605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "08314129-10D6-421C-AEE1-348460EBDD0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2239F826-AAFA-4354-9BED-2C33AEF983D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0275E2F5-30EF-4D0D-A0CC-BFEB0B97E378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."
    },
    {
      "lang": "es",
      "value": "Cisco FireSIGHT System Software 5.4.0 hasta la versi\u00f3n 6.0.1 y ASA con FirePOWER Services 5.4.0 hasta la versi\u00f3n 6.0.0.1 permiten a atacantes remotos eludir la protecci\u00f3n de malware a trav\u00e9s de campos manipulados en cabeceras HTTP, tambi\u00e9n conocida como Bug ID CSCux22726."
    }
  ],
  "id": "CVE-2016-1345",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-01T00:59:00.113",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1035437"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1035438"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1035439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035439"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201604-0565

Vulnerability from variot - Updated: 2023-12-18 13:39

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCux22726. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to bypass malicious file detection or blocking policies. The following devices and versions are affected: Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services Version 5.4.0 to Version 6.0.0.1, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers(ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire Next 3D System Appliances, Virt -Generation Intrusion Prevention System (NGIPSv) for VMware

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0565",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.3"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.4"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.5"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.6"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0.0"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.6"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0.0.1"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0.4"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0.5"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.3"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.4"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0.3"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.4.0 to  6.0.0.1"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.4.0 to  6.0.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This vulnerability was found and reported to Cisco by Dikla Barda, Liad Mizrachi, and Oded Vanunu from Check Point Security Team.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-1345",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-1345",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-90164",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-1345",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1345",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-428",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90164",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. \nAn attacker can exploit this issue to bypass security restrictions and  perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCux22726. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to bypass malicious file detection or blocking policies. The following devices and versions are affected: Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services Version 5.4.0 to Version 6.0.0.1, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers(ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire Next 3D System Appliances, Virt -Generation Intrusion Prevention System (NGIPSv) for VMware",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "BID",
        "id": "85749"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90164"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1345",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1035438",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1035437",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1035439",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "85749",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-90164",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90164"
      },
      {
        "db": "BID",
        "id": "85749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "id": "VAR-201604-0565",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90164"
      }
    ],
    "trust": 0.6714285999999999
  },
  "last_update_date": "2023-12-18T13:39:11.266000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160330-fp",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160330-fp"
      },
      {
        "title": "cisco-sa-20160330-fp",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/113/1136/1136613_cisco-sa-20160330-fp-j.html"
      },
      {
        "title": "Cisco Firepower System Software Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60722"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160330-fp"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035437"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035438"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035439"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1345"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1345"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90164"
      },
      {
        "db": "BID",
        "id": "85749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90164"
      },
      {
        "db": "BID",
        "id": "85749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90164"
      },
      {
        "date": "2016-03-30T00:00:00",
        "db": "BID",
        "id": "85749"
      },
      {
        "date": "2016-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "date": "2016-04-01T00:59:00.113000",
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "date": "2016-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90164"
      },
      {
        "date": "2016-07-06T14:18:00",
        "db": "BID",
        "id": "85749"
      },
      {
        "date": "2016-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      },
      {
        "date": "2016-12-03T03:20:28.810000",
        "db": "NVD",
        "id": "CVE-2016-1345"
      },
      {
        "date": "2016-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco FireSIGHT system Software and  ASA with FirePOWER Services Vulnerabilities that prevent malware protection",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001931"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-428"
      }
    ],
    "trust": 0.6
  }
}

GHSA-XMGP-GW66-397H

Vulnerability from github – Published: 2022-05-17 03:32 – Updated: 2022-05-17 03:32

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-01T00:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.",
  "id": "GHSA-xmgp-gw66-397h",
  "modified": "2022-05-17T03:32:07Z",
  "published": "2022-05-17T03:32:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1345"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035437"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035438"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035439"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-1345

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1345

Aliases

CVE-2016-1345

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1345",
    "description": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.",
    "id": "GSD-2016-1345"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1345"
      ],
      "details": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.",
      "id": "GSD-2016-1345",
      "modified": "2023-12-13T01:21:24.786574Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1345",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1035437",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035437"
          },
          {
            "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
          },
          {
            "name": "1035439",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035439"
          },
          {
            "name": "1035438",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035438"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1345"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
            },
            {
              "name": "1035439",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035439"
            },
            {
              "name": "1035437",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035437"
            },
            {
              "name": "1035438",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035438"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-12-03T03:20Z",
      "publishedDate": "2016-04-01T00:59Z"
    }
  }
}

CNVD-2016-01974

Vulnerability from cnvd - Published: 2016-04-01

Title

Cisco Firepower System Software安全绕过漏洞

Description

Cisco Firepower System Software是美国思科（Cisco）公司的一款下一代防火墙产品（NGFW）。 Cisco Firepower System Software的恶意文件检测和阻断功能存在安全绕过漏洞。由于程序未能正确验证HTTP头中的字段。远程攻击者可利用该漏洞通过发送特制的HTTP请求绕过恶意文件检测或阻断策略。

Severity

中

Patch Name

Cisco Firepower System Software安全绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

Impacted products

Name
['Cisco Firepower System Software 5.4.0-6.0.1', 'Cisco ASA with FirePOWER Services 5.4.0-6.0.0.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1345"
    }
  },
  "description": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u7684\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u548c\u963b\u65ad\u529f\u80fd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1HTTP\u5934\u4e2d\u7684\u5b57\u6bb5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u7ed5\u8fc7\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u6216\u963b\u65ad\u7b56\u7565\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01974",
  "openTime": "2016-04-01",
  "patchDescription": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u7684\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u548c\u963b\u65ad\u529f\u80fd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1HTTP\u5934\u4e2d\u7684\u5b57\u6bb5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u7ed5\u8fc7\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u6216\u963b\u65ad\u7b56\u7565\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Firepower System Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Firepower System Software 5.4.0-6.0.1",
      "Cisco ASA with FirePOWER Services  5.4.0-6.0.0.1"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-31",
  "title": "Cisco Firepower System Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1345 (GCVE-0-2016-1345)

CERTFR-2016-AVI-111

Solution

CERTFR-2016-AVI-111

Solution

FKIE_CVE-2016-1345

VAR-201604-0565

GHSA-XMGP-GW66-397H

GSD-2016-1345

CNVD-2016-01974

Tags

Sightings

Nomenclature