PT-2015-3047 · Cisco · Cisco Firepower Extensible Operating System
Published: 2015-11-19 · Updated: 2015-11-19
CVE-2015-6368
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Firepower Extensible Operating System version 1.1(1.160)
Description
The issue is related to a lack of protection for service data in the Cisco Firepower Extensible Operating System. It can be exploited by a remote attacker using a specially crafted HTTP request to gain read access to files.
Recommendations
For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the HTTP endpoint until a patch is available. As a temporary workaround, limit the use of the affected system to minimize the risk of exploitation.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Firepower Extensible Operating System