Lucene search
K
CiscoFiresight System Software

35 matches found

CVE
CVE
added 2016/09/12 10:0 a.m.202 views

CVE-2016-6396

Cisco Firepower Management Center and FireSIGHT System Software before 6.1 are affected by CVE-2016-6396. The issue arises from improper validation of HTTP header fields in the malware blocking/detection features, which could allow an unauthenticated, remote attacker to bypass malware detection b...

5.3CVSS5.3AI score0.01244EPSS
CVE
CVE
added 2017/08/07 6:0 a.m.67 views

CVE-2017-6766

Cisco Firepower System Software versions 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 contain a vulnerability (CVE-2017-6766) in the SSL Decryption and Inspection feature that allows an unauthenticated, remote attacker to bypass SSL policy for decrypting and inspecting traffic. The issue a...

7.5CVSS7.4AI score0.01162EPSS
CVE
CVE
added 2015/11/18 11:0 a.m.66 views

CVE-2015-6357

Cisco FireSIGHT Management Center (MC) versions 5.2–5.4.0.1 are affected by CVE-2015-6357 due to the rule-update feature not verifying the X.509 certificate of the support.sourcefire.com SSL server. This enables a man-in-the-middle attacker to spoof the server and deliver an invalid package, pote...

6.8CVSS7.1AI score0.02634EPSS
CVE
CVE
added 2016/12/14 12:37 a.m.66 views

CVE-2016-9193

CVE-2016-9193 affects Cisco Firepower Management Center and FireSIGHT System Software when using a file policy with Block Malware. The root cause is described as incorrect handling of duplicate downloads of malware files, enabling an unauthenticated, remote attacker to bypass malware detection/bl...

7.5CVSS7.5AI score0.01957EPSS
CVE
CVE
added 2016/01/16 2:0 a.m.65 views

CVE-2016-1293

Cisco FireSIGHT Management Center (6.0.0 and 6.0.1) is affected by multiple cross-site scripting (XSS) vulnerabilities in its web interface. The issues arise from improper sanitization of parameters, enabling an unauthenticated or remote attacker to inject arbitrary web script or HTML via unspeci...

6.1CVSS6AI score0.01122EPSS
CVE
CVE
added 2015/10/31 1:0 a.m.64 views

CVE-2015-6353

Cisco FireSight Management Center (MC) vulnerability CVE-2015-6353 affects MC 5.3.1.5 and 5.4.x up to 5.4.1.3 where an authenticated remote attacker can inject arbitrary web script or HTML via unspecified parameters, due to improper input sanitization. The issue is confirmed by multiple sources, ...

3.5CVSS5.5AI score0.01085EPSS
CVE
CVE
added 2015/07/08 2:0 p.m.62 views

CVE-2015-4242

The CVE-2015-4242 issue affects Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 within FireSIGHT Management Center. Root cause: insufficient CSRF protections, enabling cross-site request forgery. Impact: remote attackers could hijack the authentication of arbitrary users and perform unauthorize...

6.8CVSS7.4AI score0.00996EPSS
CVE
CVE
added 2015/08/19 2:0 p.m.62 views

CVE-2015-4302

Cisco FireSIGHT Management Center 5.3.1.4 contains a web interface vulnerability that allows remote authenticated attackers to delete arbitrary system policies by sending crafted HTTP POST parameters. The root cause is improper input validation of POST fields, enabling an attacker to delete a pol...

6.4CVSS7AI score0.02152EPSS
CVE
CVE
added 2016/12/14 12:37 a.m.61 views

CVE-2016-6471

CVE-2016-6471 affects Cisco Firepower Management Center (FireSIGHT) web-based management interface. The vulnerability arises from improper masking of sensitive data in HTTP responses, allowing an authenticated, remote attacker to view the Remote Storage Password by navigating specific configurati...

6.5CVSS6.4AI score0.02194EPSS
CVE
CVE
added 2016/03/03 10:0 p.m.60 views

CVE-2016-1356

CVE-2016-1356 affects Cisco FireSIGHT System Software 6.1.0, where credential verification does not use a constant-time algorithm. This timing variability enables remote attackers to enumerate valid usernames via measurement of responses, as described in Cisco’s FireSIGHT advisory (cisco-sa-20160...

4.3CVSS4.6AI score0.00831EPSS
CVE
CVE
added 2015/06/12 10:0 a.m.59 views

CVE-2015-0737

Cisco FireSIGHT System Software 5.3.1.1 contains multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via crafted GET or POST parameters (Bug ID CSCuu11099). Root cause cited: insufficient input validation. Affects Cisco FireSIGHT System Software; adviso...

4.3CVSS5.8AI score0.01546EPSS
CVE
CVE
added 2015/12/12 4:0 p.m.58 views

CVE-2015-6419

Cisco FireSIGHT Management Center (versions 4.10.3, 5.2.0, 5.3.0, 5.3.1, 5.4.0) contains an information-disclosure vulnerability in the GET request handling. An authenticated, remote attacker can trigger the flaw by sending crafted GET requests due to improper sanitation of user-supplied input, p...

6.8CVSS6.4AI score0.0115EPSS
CVE
CVE
added 2015/06/12 10:0 a.m.57 views

CVE-2015-0773

Cisco FireSIGHT Management Center (System Software 5.3.1.3 and 6.0.0) is affected by CVE-2015-0773. The issue allows remote authenticated users to delete another user’s dashboard by submitting a modified VPN deletion request within a management session, due to improper validation of the deletion ...

5.5CVSS6.5AI score0.016EPSS
CVE
CVE
added 2015/12/18 11:0 a.m.57 views

CVE-2015-6427

CVE-2015-6427 describes a vulnerability in Cisco FireSIGHT Management Center where the HTTP attack detection of decrypted SSL traffic can be bypassed. The issue stems from improper handling of SSL-decrypted sessions, allowing an unauthenticated, remote attacker to bypass HTTP attack detection rul...

5CVSS6.9AI score0.01733EPSS
CVE
CVE
added 2015/04/23 1:0 a.m.56 views

CVE-2015-0707

Cisco FireSIGHT System Software versions 5.3.1.1 and 6.0.0 in FireSIGHT Management Center are affected by a cross-site scripting (XSS) vulnerability. The issue allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter (Bug ID CSCus85425). Impact is web ...

3.5CVSS5.5AI score0.00783EPSS
CVE
CVE
added 2015/10/25 1:0 a.m.56 views

CVE-2015-6335

Cisco FireSIGHT Management Center for VMware is affected by a policy-code vulnerability (Bug CSCuw12839) in versions 5.3.1.7, 5.4.0.4 and 6.0.0. An authenticated remote administrator may bypass policy restrictions and execute Linux commands as root on the underlying OS due to insufficient sanitiz...

9CVSS7AI score0.02745EPSS
CVE
CVE
added 2016/09/12 10:0 a.m.56 views

CVE-2016-6395

Cisco Firepower Management Center and FireSIGHT System Software are affected by CVE-2016-6395; the web-based management interface vulnerability allows remote authenticated users to inject arbitrary script or HTML via a crafted URL (XSS) in versions before 6.1. The issue is associated with Bug ID ...

5.4CVSS5AI score0.01104EPSS
CVE
CVE
added 2015/10/31 1:0 a.m.55 views

CVE-2015-6354

Cisco FireSight Management Center (MC) is affected by CVE-2015-6354, with vulnerable versions 5.4.1.3 and 6.0. The flaw is a cross-site scripting (XSS) vulnerability caused by improper sanitization of parameter values in the MC web interface, allowing an authenticated, remote attacker to inject a...

3.5CVSS5.5AI score0.01085EPSS
CVE
CVE
added 2015/11/12 2:0 a.m.54 views

CVE-2015-6363

Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability (CVE-2015-6363) affects MC 5.4.1.4 and 6.0.1. The root cause is improper sanitization of parameter values in the web framework, allowing an authenticated remote attacker to inject arbitrary script/HTML via unspecif...

3.5CVSS5.5AI score0.01075EPSS
CVE
CVE
added 2016/07/28 1:0 a.m.54 views

CVE-2016-1463

CVE-2016-1463 affects Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1. The root cause is improper handling of HTTP header parameters, enabling a remote, unauthenticated attacker to bypass Snort-based rules in the device. Affected component/behavior: Snort rule detection proces...

7.5CVSS7.5AI score0.02113EPSS
CVE
CVE
added 2017/07/10 8:0 p.m.53 views

CVE-2017-6735

Cisco FireSIGHT System Software (FireSIGHT Management Center) is affected by CVE-2017-6735 due to improper handling of modified backup configuration files in the backup and restore functionality. Aauthenticated local attacker can execute arbitrary code on the targeted appliance with root privileg...

7.2CVSS6.7AI score0.0042EPSS
CVE
CVE
added 2015/05/19 1:0 a.m.52 views

CVE-2015-0739

Cisco FireSIGHT System Software 5.3.0 (Sourcefire 3D Sensor) LOM vulnerability allows remote authenticated users to perform arbitrary BMC file uploads via unspecified vectors; root cause is insufficient input validation in Lights-Out Management. Exploitation could lead to arbitrary code execution...

4CVSS6.7AI score0.02009EPSS
CVE
CVE
added 2015/06/04 10:0 a.m.52 views

CVE-2015-0766

CVE-2015-0766 affects Cisco FireSIGHT Management Center (Defense Center) admin web interface in FireSIGHT System Software 6.0.0. Multiple XSS vulnerabilities allow remote attackers to inject arbitrary script/HTML via unspecified fields, potentially enabling session hijack or data disclosure. Docu...

4.3CVSS5.9AI score0.01546EPSS
CVE
CVE
added 2015/07/14 5:0 p.m.51 views

CVE-2015-4270

CVE-2015-4270 concerns Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0, where multiple cross-site scripting (XSS) vulnerabilities exist due to insufficient validation of user-supplied input. A remote attacker could inject arbitrary script via a crafted URL, potentially compromising sessions or ...

4.3CVSS5.8AI score0.01546EPSS
CVE
CVE
added 2016/04/01 12:0 a.m.51 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0–6.0.1 and ASA with FirePOWER Services 5.4.0–6.0.0.1 are affected by CVE-2016-1345, due to improper input validation of HTTP header fields, allowing remote attackers to bypass malware protection. Impact is the ability to install or pass malware without detecti...

7.5CVSS7.5AI score0.01399EPSS
CVE
CVE
added 2016/05/05 9:0 p.m.51 views

CVE-2016-1368

CVE-2016-1368 affects Cisco FirePOWER System Software 5.3.x (up to 5.3.0.6) and 5.4.x (up to 5.4.0.3) on FirePOWER 7000/8000 appliances and the AMP for Networks component. The issue is caused by improper packet handling in the packet-processing subsystem when packets are passed through sensing in...

7.8CVSS7.4AI score0.01649EPSS
CVE
CVE
added 2015/04/23 1:0 a.m.50 views

CVE-2015-0706

Cisco FireSIGHT Management Center/Open Redirect: A vulnerability in the web framework allows an unauthenticated, remote attacker to inject a crafted HTTP header, causing users to be redirected to arbitrary sites and enabling phishing. Affected are FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6...

5.8CVSS6.8AI score0.01096EPSS
CVE
CVE
added 2016/09/24 1:0 a.m.50 views

CVE-2016-6411

Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 are affected by CVE-2016-6411, where the system mishandles comparisons between URLs and X.509 certificates, due to lack of verification of HTTP URL input against the SSL certificate. This allows an unauthenticated, remote attac...

7.5CVSS7.4AI score0.00749EPSS
CVE
CVE
added 2016/01/16 2:0 a.m.49 views

CVE-2016-1294

CVE-2016-1294 is a cross-site scripting (XSS) vulnerability in Cisco FireSIGHT Management Center’s web interface (Management Center) on System Software 6.0.1. The issue arises from cookie handling and could allow remote attackers to inject arbitrary script or HTML via a crafted cookie. The vulner...

6.1CVSS5.9AI score0.01122EPSS
CVE
CVE
added 2016/09/12 10:0 a.m.49 views

CVE-2016-6394

Cisco Firepower Management Center and FireSIGHT System Software (up to version 6.1.0) suffer a session fixation flaw where the application does not assign a new session identifier after authentication, enabling an attacker to hijack a valid user session. Root cause: insecure session handling in t...

9.1CVSS9AI score0.01448EPSS
CVE
CVE
added 2016/03/03 3:0 p.m.48 views

CVE-2016-1355

Summary: CVE-2016-1355 is an XSS vulnerability in the Device Management UI of Cisco FireSIGHT System Software 6.1.0. The root cause is insufficient input validation in the HTTP web-based management interface, enabling a remote attacker to inject arbitrary web script or HTML via a crafted value. T...

6.1CVSS5.9AI score0.00765EPSS
CVE
CVE
added 2016/10/05 10:0 a.m.48 views

CVE-2016-6420

CVE-2016-6420 affects Cisco FireSIGHT System Software used by Firepower Management Center (FMC) versions 4.10.3–5.4.0. The vulnerability is due to improper authorization checks in the FMC web framework, allowing remote authenticated users to bypass authorization and gain elevated privileges via a...

6.8CVSS6.2AI score0.01837EPSS
CVE
CVE
added 2016/11/19 2:45 a.m.48 views

CVE-2016-6460

CVE-2016-6460 describes a vulnerability in the FTP REST API of Cisco Firepower System Software where an unauthenticated attacker can bypass FTP malware detection and download malware over FTP when a file policy blocks FTP malware. Affected releases include 5.4.0.2, 5.4.1.1, 5.4.1.6, 6.0.0, 6.1.0,...

7.5CVSS7.5AI score0.01553EPSS
CVE
CVE
added 2016/10/05 5:0 p.m.47 views

CVE-2016-6417

Cisco FireSIGHT System Software (4.10.2–6.1.0) and Firepower Management Center are affected by CVE-2016-6417, a Cross‑Site Request Forgery vulnerability that lets remote attackers hijack the authentication of arbitrary users. The underlying issue is CSRF in the management interfaces, enabling una...

8.8CVSS8.9AI score0.00629EPSS
CVE
CVE
added 2016/07/03 1:0 a.m.46 views

CVE-2016-1394

Cisco Firepower System Software versions 6.0.0–6.1.0 are affected by a hardcoded/default account that allows unauthenticated, remote CLI login by exploiting knowledge of the password (Bug CSCuz56238). The vulnerability stems from a default static password created during installation, enabling the...

8.6CVSS8.4AI score0.01012EPSS