VYPR

FireSIGHT System Software

by Cisco Systems, Inc.

CVEs (55)

  • CVE-2016-6394 | Critical | Sep 12, 2016
    risk 0.59 | cvss 9.1 | epss 0.01

    Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.

  • CVE-2016-6417 | High | Oct 5, 2016
    risk 0.57 | cvss 8.8 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.

  • CVE-2018-0383 | High | Jul 16, 2018
    risk 0.56 | cvss 8.6 | epss 0.03

    A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected…

  • CVE-2018-0233 | High | Apr 19, 2018
    risk 0.56 | cvss 8.6 | epss 0.02

    A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device,…

  • CVE-2016-1394 | High | Jul 3, 2016
    risk 0.56 | cvss 8.6 | epss 0.01

    Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.

  • CVE-2018-0453 | High | Oct 5, 2018
    risk 0.53 | cvss 8.2 | epss 0.00

    A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower…

  • CVE-2018-0455 | High | Oct 5, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device…

  • CVE-2018-0385 | High | Jul 16, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the detection engine parsing of Secure Sockets Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The…

  • CVE-2018-0370 | High | Jul 16, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of…

  • CVE-2017-6766 | High | Aug 7, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting…

  • CVE-2017-6674 | High | Jun 13, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1…

  • CVE-2016-9193 | High | Dec 14, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco…

  • CVE-2016-6460 | High | Nov 19, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco…

  • CVE-2016-6411 | High | Sep 24, 2016
    risk 0.49 | cvss 7.5 | epss 0.01

    Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.

  • CVE-2016-1463 | High | Jul 28, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.

  • CVE-2016-1368 | High | May 5, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing…

  • CVE-2016-1345 | High | Apr 1, 2016
    risk 0.49 | cvss 7.5 | epss 0.01

    Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

  • CVE-2017-6735 | Medium | Jul 10, 2017
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.

  • CVE-2018-0278 | Medium | May 2, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker…

  • CVE-2016-6471 | Medium | Dec 14, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.
