Vulnerabilities > CVE-2016-1356 - Credentials Management vulnerability in Cisco Firesight System Software 6.1.0

CVSS 3.7 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

high complexity

cisco

CWE-255

NVD

Published: 2016-03-03

Updated: 2016-12-03

Summary

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Firesight System Software _6.1.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1
http://www.securitytracker.com/id/1035189