ID

VAR-201603-0285


CVE

CVE-2016-1356


TITLE

Username enumeration vulnerability in Cisco FireSIGHT System Software

Trust: 0.8

sources: JVNDB: JVNDB-2016-001589

DESCRIPTION

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. Because the software does not use a constant-time algorithm, it contains a vulnerability that allows valid usernames to be enumerated. Cisco FireSIGHT System Software is Cisco's management center software, which supports centralized management of the network security and operational functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services.

Trust: 1.71

sources: NVD: CVE-2016-1356 // JVNDB: JVNDB-2016-001589 // VULHUB: VHN-90175

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: _6.1.0

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 6.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2016-001589 // CNNVD: CNNVD-201603-016 // NVD: CVE-2016-1356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1356
value: LOW

Trust: 1.0

NVD: CVE-2016-1356
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201603-016
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90175
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1356
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90175
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1356
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90175 // JVNDB: JVNDB-2016-001589 // CNNVD: CNNVD-201603-016 // NVD: CVE-2016-1356

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-90175 // JVNDB: JVNDB-2016-001589 // NVD: CVE-2016-1356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-016

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201603-016

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001589

PATCH

title: cisco-sa-20160302-FireSIGHT1
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1

Trust: 0.8

sources: JVNDB: JVNDB-2016-001589

EXTERNAL IDS

db: NVD, id: CVE-2016-1356

Trust: 2.5

db: SECTRACK, id: 1035189

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001589

Trust: 0.8

db: CNNVD, id: CNNVD-201603-016

Trust: 0.6

db: BID, id: 84121

Trust: 0.1

db: VULHUB, id: VHN-90175

Trust: 0.1

sources: VULHUB: VHN-90175 // JVNDB: JVNDB-2016-001589 // CNNVD: CNNVD-201603-016 // NVD: CVE-2016-1356

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160302-firesight1

Trust: 1.7

url: http://www.securitytracker.com/id/1035189

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1356

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1356

Trust: 0.8

sources: VULHUB: VHN-90175 // JVNDB: JVNDB-2016-001589 // CNNVD: CNNVD-201603-016 // NVD: CVE-2016-1356

SOURCES

db: VULHUB, id: VHN-90175
db: JVNDB, id: JVNDB-2016-001589
db: CNNVD, id: CNNVD-201603-016
db: NVD, id: CVE-2016-1356

LAST UPDATE DATE

2024-11-23T22:31:00.255000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90175, date: 2016-12-03T00:00:00
db: JVNDB, id: JVNDB-2016-001589, date: 2016-03-07T00:00:00
db: CNNVD, id: CNNVD-201603-016, date: 2016-03-04T00:00:00
db: NVD, id: CVE-2016-1356, date: 2024-11-21T02:46:14.827

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90175, date: 2016-03-03T00:00:00
db: JVNDB, id: JVNDB-2016-001589, date: 2016-03-07T00:00:00
db: CNNVD, id: CNNVD-201603-016, date: 2016-03-03T00:00:00
db: NVD, id: CVE-2016-1356, date: 2016-03-03T22:59:13.333