Malware Bypass Vulnerability in Cisco Firepower Management Center
CVE-2016-6396

5.3MEDIUM

Key Information:

Vendor

Cisco
Status
Firesight System Software
Vendor
CVE Published:
12 September 2016

What is CVE-2016-6396?

Cisco Firepower Management Center and FireSIGHT System Software prior to version 6.1 are susceptible to a malware bypass vulnerability. This occurs when specific malware blocking options are enabled, enabling remote attackers to circumvent malware detection mechanisms by manipulating certain fields in HTTP headers. Attackers can exploit this flaw to potentially execute unauthorized actions or gain access to sensitive information, highlighting the importance of keeping software up to date and employing rigorous security measures.

References

http://www.securityfocus.com/bid/92826
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036756
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.