Information disclosure
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0...
Cisco Firepower URL Bypass Vulnerability
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Design/Logic Flaw
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6...
CVE-2016-9193
CVE-2016-9193 affects Cisco Firepower Management Center and FireSIGHT System Software when using a file policy with Block Malware. The root cause is described as incorrect handling of duplicate downloads of malware files, enabling an unauthenticated, remote attacker to bypass malware detection/bl...
CVE-2016-9193
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Managemen...
Cisco Firepower Management Center Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from ...
Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to the incorrect...
Design/Logic Flaw
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System...
CVE-2016-6460
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System...
Cisco Firepower System Software Security Bypass Vulnerability (CNVD-2016-11329)
Cisco Firepower System Software is a next-generation firewall (NGFW) product from Cisco. A security bypass vulnerability exists in Cisco Firepower System Software, which can be exploited by attackers to bypass security restrictions and perform unauthorized operations...
CVE-2016-6439
A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper...
CVE-2016-6439
CVE-2016-6439 affects Cisco Firepower System Software prior to 6.0.1. The denial-of-service arises in the detection engine’s HTTP packet stream reassembly, where an unauthenticated remote attacker can send crafted HTTP streams to trigger the Snort process to restart. If the Snort process restarts...
Cisco FireSIGHT System Software Privilege Escalation Vulnerability
A vulnerability in the web framework of the Cisco Firepower Management Center running on Cisco FireSIGHT System Software could allow authenticated, remote attackers to elevate privileges to access data outside their roles. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be...
CVE-2016-6411
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...
CVE-2016-6396
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482...
CVE-2016-6395
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658...
CVE-2016-6394
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...
Session fixation
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...