What is CVE-2016-6417?

CVE-2016-6417 is a high-severity vulnerability in Cisco Firesight_system_software, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2016-10-05.

How severe is CVE-2016-6417?

High severity. CVSS v3 base score is 8.8 out of 10.

CSRF in Cisco Firesight_system_software

CVE-2016-6417

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (31.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Cisco Firesight_system_software — versions 4.10.2, 4.10.2.1, 4.10.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

1036918 (vdb-entry, x_refsource_SECTRACK)
20160928 Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
93199 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-6417?: CVE-2016-6417 is a high-severity vulnerability in Cisco Firesight_system_software, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2016-10-05.
How severe is CVE-2016-6417?: High severity. CVSS v3 base score is 8.8 out of 10.