Sign-up

ID

VAR-201512-0400


CVE

CVE-2015-6427


TITLE

Cisco FireSIGHT Management Center In HTTP Vulnerabilities that can bypass the attack detection function

Trust: 0.8

sources: JVNDB: JVNDB-2015-006478

DESCRIPTION

Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. Vendors have confirmed this vulnerability Bug ID CSCux53437 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. The Cisco FireSIGHT Management Center is a suite of management software from Cisco, Inc. that supports centralized management of network security and operational features of Cisco ASA and Cisco FirePOWER network security appliances using FirePOWER Services. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2015-6427 // JVNDB: JVNDB-2015-006478 // CNVD: CNVD-2015-08488 // BID: 79739 // VULHUB: VHN-84388

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08488

AFFECTED PRODUCTS

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.5

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.1.4

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.1.2

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.1

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.3

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.2

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.1

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.1.3

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.4

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.1

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.0

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.1

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.1

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.7

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.0.1

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.4

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.2

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firesight management centerscope: - version: -

Trust: 0.6

vendor:ciscomodel:firesight system softwarescope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-08488 // BID: 79739 // JVNDB: JVNDB-2015-006478 // CNNVD: CNNVD-201512-536 // NVD: CVE-2015-6427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6427
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6427
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08488
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-536
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6427
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08488
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84388
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-08488 // VULHUB: VHN-84388 // JVNDB: JVNDB-2015-006478 // CNNVD: CNNVD-201512-536 // NVD: CVE-2015-6427

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-84388 // JVNDB: JVNDB-2015-006478 // NVD: CVE-2015-6427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-536

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201512-536

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006478

PATCH
title:cisco-sa-20151217-fsmurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006478

EXTERNAL IDS
db:NVDid:CVE-2015-6427
Trust: 3.4
db:SECTRACKid:1034488
Trust: 1.1
db:JVNDBid:JVNDB-2015-006478
Trust: 0.8
db:CNNVDid:CNNVD-201512-536
Trust: 0.7
db:CNVDid:CNVD-2015-08488
Trust: 0.6
db:BIDid:79739
Trust: 0.4
db:VULHUBid:VHN-84388
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08488 // 
            
            
            
            VULHUB: VHN-84388 // 
            
            
            
            BID: 79739 // 
            
            
            
            JVNDB: JVNDB-2015-006478 // 
            
            
            
            CNNVD: CNNVD-201512-536 // 
            
            
            
            NVD: CVE-2015-6427

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151217-fsm
Trust: 2.6
url:http://www.securitytracker.com/id/1034488
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6427
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6427
Trust: 0.8
url:http://www.cisco.com/c/en/us/products/security/firesight-management-center/index.html
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-08488 // 
            
            
            
            VULHUB: VHN-84388 // 
            
            
            
            BID: 79739 // 
            
            
            
            JVNDB: JVNDB-2015-006478 // 
            
            
            
            CNNVD: CNNVD-201512-536 // 
            
            
            
            NVD: CVE-2015-6427

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 79739

SOURCES
db:CNVDid:CNVD-2015-08488
db:VULHUBid:VHN-84388
db:BIDid:79739
db:JVNDBid:JVNDB-2015-006478
db:CNNVDid:CNNVD-201512-536
db:NVDid:CVE-2015-6427

LAST UPDATE DATE
2024-11-23T23:09:13.395000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08488date:2015-12-28T00:00:00
db:VULHUBid:VHN-84388date:2016-12-07T00:00:00
db:BIDid:79739date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006478date:2015-12-21T00:00:00
db:CNNVDid:CNNVD-201512-536date:2015-12-24T00:00:00
db:NVDid:CVE-2015-6427date:2024-11-21T02:34:58.723

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08488date:2015-12-28T00:00:00
db:VULHUBid:VHN-84388date:2015-12-18T00:00:00
db:BIDid:79739date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006478date:2015-12-21T00:00:00
db:CNNVDid:CNNVD-201512-536date:2015-12-21T00:00:00
db:NVDid:CVE-2015-6427date:2015-12-18T11:59:02.793