Vulnerabilities > CVE-2016-1356 - Credentials Management vulnerability in Cisco Firesight System Software 6.1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

cisco

CWE-255

NVD

Published: 2016-03-03

Updated: 2016-12-03

Summary

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Firesight System Software _6.1.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1
http://www.securitytracker.com/id/1035189