Lucene search

CiscoCISCO-SA-20160617-FMC

HistoryJun 17, 2016 - 11:30 a.m.

Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

2016-06-1711:30:00

tools.cisco.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.5%

JSON

A vulnerability in the HTTP framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an affected device.

The vulnerability is due to insufficient filtering of output data. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script in the context of the site or access sensitive browser-based information.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc”]

Affected configurations

Vulners

Node

ciscofirepower_management_centerMatch5.4

ciscofirepower_management_centerMatch5.3

ciscofirepower_management_centerMatch5.2

ciscofirepower_management_centerMatch4.10

ciscofirepower_management_centerMatch5.4.0

ciscofirepower_management_centerMatch5.3.0

ciscofirepower_management_centerMatch5.3.1

ciscofirepower_management_centerMatch5.2.0

ciscofirepower_management_centerMatch4.10.3

VendorProductVersionCPE
ciscofirepower_management_center5.4cpe:2.3:a:cisco:firepower_management_center:5.4:*:*:*:*:*:*:*
ciscofirepower_management_center5.3cpe:2.3:a:cisco:firepower_management_center:5.3:*:*:*:*:*:*:*
ciscofirepower_management_center5.2cpe:2.3:a:cisco:firepower_management_center:5.2:*:*:*:*:*:*:*
ciscofirepower_management_center4.10cpe:2.3:a:cisco:firepower_management_center:4.10:*:*:*:*:*:*:*
ciscofirepower_management_center5.4.0cpe:2.3:a:cisco:firepower_management_center:5.4.0:*:*:*:*:*:*:*
ciscofirepower_management_center5.3.0cpe:2.3:a:cisco:firepower_management_center:5.3.0:*:*:*:*:*:*:*
ciscofirepower_management_center5.3.1cpe:2.3:a:cisco:firepower_management_center:5.3.1:*:*:*:*:*:*:*
ciscofirepower_management_center5.2.0cpe:2.3:a:cisco:firepower_management_center:5.2.0:*:*:*:*:*:*:*
ciscofirepower_management_center4.10.3cpe:2.3:a:cisco:firepower_management_center:4.10.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firepower_management_center	5.4	cpe:2.3:a:cisco:firepower_management_center:5.4:::::::*
cisco	firepower_management_center	5.3	cpe:2.3:a:cisco:firepower_management_center:5.3:::::::*
cisco	firepower_management_center	5.2	cpe:2.3:a:cisco:firepower_management_center:5.2:::::::*
cisco	firepower_management_center	4.10	cpe:2.3:a:cisco:firepower_management_center:4.10:::::::*
cisco	firepower_management_center	5.4.0	cpe:2.3:a:cisco:firepower_management_center:5.4.0:::::::*
cisco	firepower_management_center	5.3.0	cpe:2.3:a:cisco:firepower_management_center:5.3.0:::::::*
cisco	firepower_management_center	5.3.1	cpe:2.3:a:cisco:firepower_management_center:5.3.1:::::::*
cisco	firepower_management_center	5.2.0	cpe:2.3:a:cisco:firepower_management_center:5.2.0:::::::*
cisco	firepower_management_center	4.10.3	cpe:2.3:a:cisco:firepower_management_center:4.10.3:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.5%

JSON

Related for CISCO-SA-20160617-FMC