Vulnerabilities > Cisco > Firesight System Software > 6.1.0
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-08-07 | CVE-2017-6766 | Unspecified vulnerability in Cisco Firesight System Software | A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. | 7.5 |
2016-12-14 | CVE-2016-9193 | Improper Input Validation vulnerability in Cisco products | A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. | 7.5 |
2016-11-19 | CVE-2016-6460 | 7PK - Security Features vulnerability in Cisco Firesight System Software | A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. | 7.5 |
2016-10-05 | CVE-2016-6417 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firesight System Software | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. | 8.8 |
2016-09-12 | CVE-2016-6394 | Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. | 9.1 |
2016-07-03 | CVE-2016-1394 | Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | 8.6 |
2016-03-03 | CVE-2016-1356 | Credentials Management vulnerability in Cisco Firesight System Software 6.1.0 | Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | 3.7 |
2016-03-03 | CVE-2016-1355 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.1.0 | Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687. | 6.1 |