Information disclosure in Cisco Firepower_extensible_operating_system

CVE-2015-6368

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.

Vulnerability class: Information Disclosure

EPSS: 0.001 (24.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Firepower_extensible_operating_system — versions 1.1\(1.160\)
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20151116 Cisco Firepower 9000 Unauthenticated File Access Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)