CVE-2016-1463

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software

Timeline

PublishedJul 28

Latest updateMay 17

Description

Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/firesight_system_software5 versions+4

🔴Vulnerability Details

GHSA

GHSA-4fj8-8h7f-8rjg: Cisco FireSIGHT System Software 5↗2022-05-17

▶

CVEList

CVE-2016-1463: Cisco FireSIGHT System Software 5↗2016-07-28

▶

📋Vendor Advisories

Cisco

Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability↗2016-07-27

▶