CVE-2016-9193

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software Cisco Secure Firewall Management Center

Timeline

PublishedDec 14

Latest updateMay 17

Description

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/firesight_system_software6 versions+5

▶NVDcisco/secure_firewall_management_center6 versions+5

▶CVEListV5cisco_firesightCisco FireSIGHT

🔴Vulnerability Details

GHSA

GHSA-32jx-4w8w-vxmx: A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could a↗2022-05-17

▶

CVEList

CVE-2016-9193: A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could a↗2016-12-14

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability↗2016-12-07

▶