CVE-2016-1356

CWE-255 CWE-287 — Improper Authentication4 documents4 sources

Severity

3.7LOW

EPSS

0.2%

top 53.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software

Timeline

PublishedMar 3

Latest updateMay 17

Description

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/firesight_system_software_6.1.0

🔴Vulnerability Details

GHSA

GHSA-j66f-ff6x-m5fc: Cisco FireSIGHT System Software 6↗2022-05-17

▶

CVEList

CVE-2016-1356: Cisco FireSIGHT System Software 6↗2016-03-03

▶

📋Vendor Advisories

Cisco

Cisco FireSIGHT System Software Convert Timing Channel Vulnerability↗2016-03-02

▶