Vulnerabilities > Cisco > Firesight System Software > 6.1.0

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2017-6766 Unspecified vulnerability in Cisco Firesight System Software
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system.
network
low complexity
cisco
7.5
2016-12-14 CVE-2016-9193 Improper Input Validation vulnerability in Cisco products
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
network
low complexity
cisco CWE-20
7.5
2016-11-19 CVE-2016-6460 7PK - Security Features vulnerability in Cisco Firesight System Software
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection.
network
low complexity
cisco CWE-254
7.5
2016-10-05 CVE-2016-6417 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firesight System Software
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
network
low complexity
cisco CWE-352
8.8
2016-09-12 CVE-2016-6394 Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.
network
low complexity
cisco CWE-264
critical
9.1
2016-07-03 CVE-2016-1394 Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
network
low complexity
cisco CWE-264
8.6
2016-03-03 CVE-2016-1356 Credentials Management vulnerability in Cisco Firesight System Software 6.1.0
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.
network
high complexity
cisco CWE-255
3.7
2016-03-03 CVE-2016-1355 Cross-site Scripting vulnerability in Cisco Firesight System Software 6.1.0
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687.
network
low complexity
cisco CWE-79
6.1