Vulnerabilities > Cisco > Firesight System Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-07 | CVE-2017-6766 | Unspecified vulnerability in Cisco Firesight System Software A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. | 7.5 |
| 2017-07-10 | CVE-2017-6735 | Improper Input Validation vulnerability in Cisco Firesight System Software 6.2.0/6.2.1 A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. | 6.7 |
| 2016-12-14 | CVE-2016-9193 | Improper Input Validation vulnerability in Cisco products A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. | 7.5 |
| 2016-12-14 | CVE-2016-6471 | Information Exposure vulnerability in Cisco Firesight System Software 5.4.1.6 A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. | 6.5 |
| 2016-11-19 | CVE-2016-6460 | 7PK - Security Features vulnerability in Cisco Firesight System Software A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. | 7.5 |
| 2016-10-05 | CVE-2016-6417 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firesight System Software Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. | 8.8 |
| 2016-10-05 | CVE-2016-6420 | Information Exposure vulnerability in Cisco Firesight System Software Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | 6.5 |
| 2016-09-24 | CVE-2016-6411 | Improper Input Validation vulnerability in Cisco Firesight System Software 6.0.1 Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585. | 7.5 |
| 2016-09-12 | CVE-2016-6396 | Improper Input Validation vulnerability in Cisco Firesight System Software Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482. | 5.3 |
| 2016-09-12 | CVE-2016-6395 | Cross-site Scripting vulnerability in Cisco Firesight System Software Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. | 5.4 |