280 matches found
CVE-2016-6395
Cisco Firepower Management Center and FireSIGHT System Software are affected by CVE-2016-6395; the web-based management interface vulnerability allows remote authenticated users to inject arbitrary script or HTML via a crafted URL (XSS) in versions before 6.1. The issue is associated with Bug ID ...
CVE-2016-6394
Cisco Firepower Management Center and FireSIGHT System Software (up to version 6.1.0) suffer a session fixation flaw where the application does not assign a new session identifier after authentication, enabling an attacker to hijack a valid user session. Root cause: insecure session handling in t...
CVE-2016-6396
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482...
Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability
Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. A session fixation vulnerability exists in Cisco Firepower Management Center and FireSIGHT System Software, which allows remote attackers to exploit the vulnerability to...
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability
Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. A cross-site scripting vulnerability in the web-based management interface of Cisco Firepower Management Center and FireSIGHT System Software allows remote attackers to...
Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input...
Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
A vulnerability in Snort rule detection in Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass configured rules that use Snort detection. The vulnerability is due to improper handling of HTTP header parameters. An attacker could exploit this vulnerability by...
Design/Logic Flaw
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...
CVE-2016-1463
CVE-2016-1463 affects Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1. The root cause is improper handling of HTTP header parameters, enabling a remote, unauthenticated attacker to bypass Snort-based rules in the device. Affected component/behavior: Snort rule detection proces...
Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
Cisco FireSIGHT System Software is a set of management center software from Cisco in the United States, which supports centralized management of Cisco ASA with FirePOWER Services and Cisco FirePOWER network security appliances, including the network security and operational functions of the...
CVE-2016-1394
Cisco Firepower System Software versions 6.0.0–6.1.0 are affected by a hardcoded/default account that allows unauthenticated, remote CLI login by exploiting knowledge of the password (Bug CSCuz56238). The vulnerability stems from a default static password created during installation, enabling the...
CVE-2016-1394
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238...
Cisco Firepower System Software Privilege Gain Vulnerability
Cisco Firepower System Software is a next-generation firewall (NGFW) product from Cisco. A privilege-acquisition vulnerability exists in Cisco Firepower System Software version 6.0 and above, which stems from a default static password included in the program. A remote attacker can use this...
Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability
A vulnerability in the installation procedure for Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to the use of incorrect installation and permissions settings for binary files...
CVE-2016-1368
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted...
Cisco FireSIGHT System Software Multiple Vulnerabilities
A vulnerability in credential authentication for valid and invalid username-password pairs for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to determine a list of valid usernames for an affected device. A vulnerability in the HTTP web-based management interface ...
Cisco FireSIGHT System Software Convert Timing Channel Information Disclosure Vulnerability
Cisco FireSIGHT System Software is a set of management center software from Cisco in the United States, which supports centralized management of Cisco ASA with FirePOWER Services and Cisco FirePOWER network security appliances, including the network security and operational functions of the...
CVE-2016-1356
CVE-2016-1356 affects Cisco FireSIGHT System Software 6.1.0, where credential verification does not use a constant-time algorithm. This timing variability enables remote attackers to enumerate valid usernames via measurement of responses, as described in Cisco's FireSIGHT advisory (cisco-sa-20160...
CVE-2016-1355
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...
CVE-2016-1355
Summary: CVE-2016-1355 is an XSS vulnerability in the Device Management UI of Cisco FireSIGHT System Software 6.1.0. The root cause is insufficient input validation in the HTTP web-based management interface, enabling a remote attacker to inject arbitrary web script or HTML via a crafted value. T...