CVE-2015-6372

Name of the Vulnerable Software and Affected Versions Cisco Firepower Extensible Operating System version 1.1(1.160)

Description The issue exists due to insufficient protection of the web page structure in the web interface of the Cisco Firepower Extensible Operating System. This allows a remote attacker to inject arbitrary web script or HTML code by entering special parameters, potentially leading to cross-site scripting (XSS).

Recommendations For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the web-based management interface until a patch is available. As a temporary workaround, avoid using the interface with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.