CVE-2015-4302

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.4MEDIUM

EPSS

0.7%

top 28.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software

Timeline

PublishedAug 19

Latest updateMay 17

Description

The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDcisco/firesight_system_software5.3.1.4

🔴Vulnerability Details

GHSA

GHSA-r9jq-vwjm-mmc4: The web interface in Cisco FireSIGHT Management Center 5↗2022-05-17

▶

CVEList

CVE-2015-4302: The web interface in Cisco FireSIGHT Management Center 5↗2015-08-19

▶

📋Vendor Advisories

Cisco

Cisco FireSIGHT Management Center System Policy Deletion Vulnerability↗2015-08-13

▶