Cross-Site Scripting Issue in Cisco Firepower Management Interface
CVE-2015-6372

Currently unrated

Key Information:

Vendor: Cisco
Status: Firepower Extensible Operating System
Vendor: CVE Published:; 18 November 2015

What is CVE-2015-6372?

The vulnerability in the web-based management interface of Cisco Firepower Extensible Operating System allows remote attackers to exploit insufficient validation of user-supplied input. By injecting arbitrary web script or HTML through a crafted value, attackers may execute malicious scripts in the context of a user's session. This could lead to unauthorized actions on behalf of users, potentially compromising sensitive information and network integrity.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2015
Vulnerability Reserved
Aug 17, 2015