CVE-2016-6417

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.8HIGH
EPSS
0.1%
top 67.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Firesight System Software
Timeline
PublishedOct 5
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-753w-64gh-hm9r: Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 42022-05-17
CVEList
CVE-2016-6417: Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 42016-10-05

📋Vendor Advisories

1
Cisco
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability2016-09-28