Security Bypass Vulnerability in Cisco Firepower Management Center and FireSIGHT System Software
CVE-2016-6411

7.5HIGH

Key Information:

Vendor: Cisco
Status: Firesight System Software
Vendor: CVE Published:; 24 September 2016

Summary

A vulnerability in Cisco Firepower Management Center and FireSIGHT System Software versions 6.0.1 permits remote attackers to exploit improper handling of comparisons between URLs and X.509 certificates. By crafting specific URLs, attackers can bypass the intended do-not-decrypt settings, potentially exposing sensitive data to unauthorized access. This issue highlights significant risks associated with misconfigured SSL inspection mechanisms within these Cisco products.

References

http://www.securitytracker.com/id/1036877

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 24, 2016
Vulnerability Reserved
Jul 26, 2016