PT-2016-6885 · Cisco · Firesight System+1

Published

2016-09-24

Updated

2017-07-30

CVE-2016-6411

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cisco Firepower Management Center and FireSIGHT System Software version 6.0.1

Description The issue arises from the mishandling of comparisons between URLs and X.509 certificates, allowing remote attackers to bypass intended do-not-decrypt settings via a crafted URL.

Recommendations For Cisco Firepower Management Center and FireSIGHT System Software version 6.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-6411

Affected Products

Cisco Firepower Management Center

Firesight System

PT-2016-6885 · Cisco · Firesight System+1

CVE-2016-6411

Weakness Enumeration

Related Identifiers

Affected Products

References · 4