What is CVE-2016-6396?

CVE-2016-6396 is a medium-severity vulnerability in Cisco Firesight_system_software, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2016-09-12.

How severe is CVE-2016-6396?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Improper input validation in Cisco Firesight_system_software

CVE-2016-6396

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSC…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (63.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Cisco Firesight_system_software — versions 5.1.0, 5.1.0.1, 5.1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

92826 (vdb-entry, x_refsource_BID)
1036756 (vdb-entry, x_refsource_SECTRACK)
20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2016-6396?: CVE-2016-6396 is a medium-severity vulnerability in Cisco Firesight_system_software, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2016-09-12.
How severe is CVE-2016-6396?: Medium severity. CVSS v3 base score is 5.3 out of 10.