Cisco Firesight_system_software
35 CVEs affecting Cisco Firesight_system_software. Latest disclosed: 2017-08-07. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-6394 | Critical | 9.1 | 2016-09-12 | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web ses… |
| CVE-2016-6417 | High | 8.8 | 2016-10-05 | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers… |
| CVE-2016-1394 | High | 8.6 | 2016-07-03 | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the… |
| CVE-2017-6766 | High | 7.5 | 2017-08-07 | A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1… |
| CVE-2016-9193 | High | 7.5 | 2016-12-14 | A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an u… |
| CVE-2016-6460 | High | 7.5 | 2016-11-19 | A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unau… |
| CVE-2016-6411 | High | 7.5 | 2016-09-24 | Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers… |
| CVE-2016-1463 | High | 7.5 | 2016-07-28 | Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HT… |
| CVE-2016-1368 | High | 7.5 | 2016-05-05 | Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (… |
| CVE-2016-1345 | High | 7.5 | 2016-04-01 | Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection v… |
| CVE-2017-6735 | Medium | 6.7 | 2017-07-10 | A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary co… |
| CVE-2016-6471 | Medium | 6.5 | 2016-12-14 | A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remo… |
| CVE-2016-6420 | Medium | 6.5 | 2016-10-05 | Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain p… |
| CVE-2016-1355 | Medium | 6.1 | 2016-03-03 | Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attacke… |
| CVE-2016-1294 | Medium | 6.1 | 2016-01-16 | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web scri… |
| CVE-2016-1293 | Medium | 6.1 | 2016-01-16 | Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to injec… |
| CVE-2016-6395 | Medium | 5.4 | 2016-09-12 | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software be… |
| CVE-2016-6396 | Medium | 5.3 | 2016-09-12 | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attacker… |
| CVE-2016-1356 | Low | 3.7 | 2016-03-03 | Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate… |
| CVE-2015-6427 | | | 2015-12-18 | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session t… |