CVE-2016-1394

Severity
8.6 HIGH
EPSS
0.7%
top 28.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 3
Latest update: May 17

Description

Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 3.9 | Impact: 4.7

Affected Packages: 1 package

NVD: cisco/firesight_system_software, 4 versions +3

Vulnerability Details

5
GHSA
GHSA-f85w-fjcq-h2fw: Cisco Firepower System Software 6 (2022-05-17)
OSV
linux vulnerabilities (2017-10-10)
Kernel
Merge tag 'firewire-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 (2016-11-05)
Kernel
firewire: net: guard against rx buffer overflows (2016-10-29)
CVEList
CVE-2016-1394: Cisco Firepower System Software 6 (2016-07-03)

Vendor Advisories

2
Red Hat
kernel: Buffer overflow in firewire driver via crafted incoming packets (2016-11-06)
Cisco
Cisco Firepower System Software Static Credential Vulnerability (2016-06-29)