CVE-2016-6396

CWE-20 โ€” Improper Input Validation4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 37.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Firesight System Software
Timeline
PublishedSep 12
Latest updateMay 17

Description

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

โ–ถNVDcisco/firesight_system_software52 versions+51

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-vfvq-9m42-xwvq: Cisco Firepower Management Center before 6โ†—2022-05-17
โ–ถ
CVEList
CVE-2016-6396: Cisco Firepower Management Center before 6โ†—2016-09-12
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerabilityโ†—2016-09-07
โ–ถ