Certificate Validation Flaw in Cisco FireSIGHT Management Center
CVE-2015-6357

Currently unrated

Key Information:

Vendor: Cisco
Status: Firesight System Software
Vendor: CVE Published:; 18 November 2015

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The rule-update feature in Cisco FireSIGHT Management Center versions 5.2 to 5.4.0.1 is susceptible to a certificate validation vulnerability. This flaw arises from the system's failure to verify the X.509 certificate for the support.sourcefire.com SSL server. Exploitation allows potential man-in-the-middle attackers to spoof the SSL server, leading to the delivery of malicious packages and the possibility of executing arbitrary code using crafted certificates. This vulnerability underscores the critical importance of proper SSL certificate validation to maintain network security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

firepwner
Created by mattimustang

References

http://www.securitytracker.com/id/1034161

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://packetstormsecurity.com/files/134390/Cisco-FireSIG...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 18, 2015
🟡
Public PoC available
Nov 16, 2015
👾
Exploit known to exist
Nov 16, 2015
Vulnerability Reserved
Aug 17, 2015