CVE-2015-6373

Name of the Vulnerable Software and Affected Versions Cisco Firepower Extensible Operating System version 1.1(1.160)

Description The issue is related to a cross-site request forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to gain access to the authentication data of arbitrary users. CSRF is a type of attack that tricks a user into performing unintended actions on a web application that the user is authenticated to.

Recommendations For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the authentication module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable API endpoints related to user authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.