Cross-Site Request Forgery Vulnerability in Cisco FireSIGHT and Firepower Management Center
CVE-2016-6417

8.8HIGH

Key Information:

Vendor
Cisco
Status
Firesight System Software
Vendor
CVE Published:
5 October 2016

Summary

A cross-site request forgery (CSRF) vulnerability exists in Cisco FireSIGHT System Software and Firepower Management Center, allowing remote attackers to potentially hijack user authentication. This occurs through crafted requests that can be executed by the victim without their consent when they are logged in. Understanding this vulnerability is crucial for ensuring the integrity and security of user sessions, preventing unauthorized actions within the affected systems.

References

http://www.securitytracker.com/id/1036918
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/93199
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.