CVE-2016-1345

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASA With Firepower Services Cisco Firesight System Software

Timeline

PublishedApr 1

Latest updateMay 17

Description

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/firesight_system_software14 versions+13

▶NVDcisco/asa_with_firepower_services9 versions+8

🔴Vulnerability Details

GHSA

GHSA-xmgp-gw66-397h: Cisco FireSIGHT System Software 5↗2022-05-17

▶

CVEList

CVE-2016-1345: Cisco FireSIGHT System Software 5↗2016-04-01

▶

📋Vendor Advisories

Cisco

Cisco Firepower Malware Block Bypass Vulnerability↗2016-03-30

▶