CVE-2016-6394

CWE-264 | 4 documents | 4 sources
Severity: 9.1 CRITICAL
EPSS: 0.3% (top 46.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 12
Latest update: May 17

Description

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA | 2022-05-17 | GHSA-gqcc-hr56-mwvj: Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6
CVEList | 2016-09-12 | CVE-2016-6394: Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6

📋 Vendor Advisories (1)

Cisco | 2016-09-07 | Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability