4 matches found
CVE-2015-6357
The rule-update feature in Cisco FireSIGHT Management Center MC 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code...
Design/Logic Flaw
The rule-update feature in Cisco FireSIGHT Management Center MC 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code...
CVE-2015-6357
The rule-update feature in Cisco FireSIGHT Management Center MC 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code...
CVE-2015-6357
Cisco FireSIGHT Management Center (MC) versions 5.2–5.4.0.1 are affected by CVE-2015-6357 due to the rule-update feature not verifying the X.509 certificate of the support.sourcefire.com SSL server. This enables a man-in-the-middle attacker to spoof the server and deliver an invalid package, pote...