Information disclosure in Cisco Firepower_extensible_operating_system

CVE-2015-6371

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621.

Vulnerability class: Information Disclosure

EPSS: 0.002 (38.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Firepower_extensible_operating_system — versions 1.1\(1.160\)
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20151117 Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)