CVE-2015-6371

Name of the Vulnerable Software and Affected Versions Cisco Firepower Extensible Operating System version 1.1(1.160)

Description The issue is related to a lack of protection for internal data in the Cisco Firepower Extensible Operating System. It allows a remote attacker to read arbitrary files by passing crafted parameters to unspecified scripts.

Recommendations For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the affected scripts until a patch is available. As a temporary workaround, avoid using crafted parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.