Lucene search
+L

264 matches found

CVE
CVE
added 2016/07/28 1:0 a.m.54 views

CVE-2016-1463

CVE-2016-1463 affects Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1. The root cause is improper handling of HTTP header parameters, enabling a remote, unauthenticated attacker to bypass Snort-based rules in the device. Affected component/behavior: Snort rule detection proces...

7.5CVSS7.5AI score0.02113EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/07/28 1:0 a.m.26 views

CVE-2016-1463

Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...

7.6AI score0.02113EPSS
Exploits0References3
CNVD
CNVD
added 2016/07/28 12:0 a.m.7 views

Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability

Cisco FireSIGHT System Software is the United States Cisco Cisco company's set of management center software, which supports the centralized management of the use of FirePOWER Services Cisco ASA and Cisco FirePOWER network security appliances network security and operational functions of the...

7.5CVSS6.9AI score0.02113EPSS
Exploits0References1
Cisco
Cisco
added 2016/07/27 4:0 p.m.42 views

Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability

A vulnerability in Snort rule detection in Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass configured rules that use Snort detection. The vulnerability is due to improper handling of HTTP header parameters. An attacker could exploit this vulnerability by...

5CVSS7.5AI score0.02113EPSS
Exploits0References1
Prion
Prion
added 2016/04/01 12:59 a.m.15 views

Authentication flaw

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

5CVSS7.2AI score0.01399EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2016/04/01 12:59 a.m.16 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

7.5CVSS7.6AI score0.01399EPSS
Exploits0References4
OSV
OSV
added 2016/04/01 12:59 a.m.5 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

7.5CVSS5.8AI score0.01399EPSS
Exploits0References4
CVE
CVE
added 2016/04/01 12:0 a.m.53 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0–6.0.1 and ASA with FirePOWER Services 5.4.0–6.0.0.1 are affected by CVE-2016-1345, due to improper input validation of HTTP header fields, allowing remote attackers to bypass malware protection. Impact is the ability to install or pass malware without detecti...

7.5CVSS7.5AI score0.01399EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2016/04/01 12:0 a.m.24 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

7.6AI score0.01399EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2016/03/21 12:0 a.m.23 views

Cisco FireSIGHT System Software Multiple Vulnerabilities

A vulnerability in credential authentication for valid and invalid username-password pairs for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to determine a list of valid usernames for an affected device. A vulnerability in the HTTP web-based management interface ...

6.1CVSS5AI score0.00831EPSS
Exploits0References2
CNVD
CNVD
added 2016/03/04 12:0 a.m.7 views

Cisco FireSIGHT System Software HTTP web-based Management Interface Cross-Site Scripting Vulnerability

Cisco FireSIGHT System Software is the United States Cisco Cisco company's set of management center software, which supports the centralized management of the use of FirePOWER Services Cisco ASA and Cisco FirePOWER network security appliances network security and operational functions of the...

6.1CVSS5.9AI score0.00765EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/04 12:0 a.m.8 views

Cisco FireSIGHT System Software Convert Timing Channel Information Disclosure Vulnerability

Cisco FireSIGHT System Software is the United States Cisco Cisco company's set of management center software, which supports the centralized management of the use of FirePOWER Services Cisco ASA and Cisco FirePOWER network security appliances network security and operational functions of the...

4.3CVSS6.8AI score0.00831EPSS
Exploits0References1
NVD
NVD
added 2016/03/03 10:59 p.m.20 views

CVE-2016-1356

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615...

4.3CVSS4.3AI score0.00831EPSS
Exploits0References2
OSV
OSV
added 2016/03/03 10:59 p.m.4 views

CVE-2016-1356

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615...

3.7CVSS5.8AI score0.00831EPSS
Exploits0References2
Prion
Prion
added 2016/03/03 10:59 p.m.19 views

Code injection

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615...

4.3CVSS7.1AI score0.00831EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/03/03 10:0 p.m.63 views

CVE-2016-1356

CVE-2016-1356 affects Cisco FireSIGHT System Software 6.1.0, where credential verification does not use a constant-time algorithm. This timing variability enables remote attackers to enumerate valid usernames via measurement of responses, as described in Cisco’s FireSIGHT advisory (cisco-sa-20160...

4.3CVSS4.6AI score0.00831EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/03/03 10:0 p.m.27 views

CVE-2016-1356

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615...

4.5AI score0.00831EPSS
Exploits0References2
NVD
NVD
added 2016/03/03 3:59 p.m.25 views

CVE-2016-1355

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

6.1CVSS6AI score0.00765EPSS
Exploits0References2
OSV
OSV
added 2016/03/03 3:59 p.m.2 views

CVE-2016-1355

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

6.1CVSS5.9AI score0.00765EPSS
Exploits0References2
Prion
Prion
added 2016/03/03 3:59 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

4.3CVSS6AI score0.00765EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder