ID

VAR-201604-0565


CVE

CVE-2016-1345


TITLE

Vulnerability in Cisco FireSIGHT System Software and ASA with FirePOWER Services that allows malware protection to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2016-001931

DESCRIPTION

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCux22726. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to bypass malicious file detection or blocking policies.

The following devices and versions are affected: Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services Version 5.4.0 to Version 6.0.0.1; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware.

Trust: 1.98

sources: NVD: CVE-2016-1345 // JVNDB: JVNDB-2016-001931 // BID: 85749 // VULHUB: VHN-90164

AFFECTED PRODUCTS

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0.4

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.6

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 6.0.0.1

Trust: 1.6

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0.2

Trust: 1.6

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0.6

Trust: 1.6

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0.5

Trust: 1.6

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0.3

Trust: 1.6

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0

Trust: 1.6

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0.1

Trust: 1.6

vendor: cisco // model: asa with firepower services // scope: eq // version: 6.0.0

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 6.0.0

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0

Trust: 1.0

vendor: cisco // model: asa with firepower services // scope: eq // version: 6.0.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 6.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.5

Trust: 1.0

vendor: cisco // model: asa with firepower services // scope: eq // version: 5.4.0 to 6.0.0.1

Trust: 0.8

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0 to 6.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2016-001931 // CNNVD: CNNVD-201603-428 // NVD: CVE-2016-1345

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1345
value: HIGH

Trust: 1.0

NVD: CVE-2016-1345
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201603-428
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90164
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1345
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90164
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1345
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90164 // JVNDB: JVNDB-2016-001931 // CNNVD: CNNVD-201603-428 // NVD: CVE-2016-1345

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-90164 // JVNDB: JVNDB-2016-001931 // NVD: CVE-2016-1345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-428

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201603-428

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001931

PATCH

title: cisco-sa-20160330-fp // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

Trust: 0.8

title: cisco-sa-20160330-fp // url: http://www.cisco.com/cisco/web/support/JP/113/1136/1136613_cisco-sa-20160330-fp-j.html

Trust: 0.8

title: Cisco Firepower System Software Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60722

Trust: 0.6

sources: JVNDB: JVNDB-2016-001931 // CNNVD: CNNVD-201603-428

EXTERNAL IDS

db: NVD // id: CVE-2016-1345

Trust: 2.8

db: SECTRACK // id: 1035438

Trust: 1.1

db: SECTRACK // id: 1035437

Trust: 1.1

db: SECTRACK // id: 1035439

Trust: 1.1

db: JVNDB // id: JVNDB-2016-001931

Trust: 0.8

db: CNNVD // id: CNNVD-201603-428

Trust: 0.7

db: BID // id: 85749

Trust: 0.3

db: VULHUB // id: VHN-90164

Trust: 0.1

sources: VULHUB: VHN-90164 // BID: 85749 // JVNDB: JVNDB-2016-001931 // CNNVD: CNNVD-201603-428 // NVD: CVE-2016-1345

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160330-fp

Trust: 2.0

url:http://www.securitytracker.com/id/1035437

Trust: 1.1

url:http://www.securitytracker.com/id/1035438

Trust: 1.1

url:http://www.securitytracker.com/id/1035439

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1345

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1345

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90164 // BID: 85749 // JVNDB: JVNDB-2016-001931 // CNNVD: CNNVD-201603-428 // NVD: CVE-2016-1345

CREDITS

This vulnerability was found and reported to Cisco by Dikla Barda, Liad Mizrachi, and Oded Vanunu from Check Point Security Team.

Trust: 0.6

sources: CNNVD: CNNVD-201603-428

SOURCES

db: VULHUB // id: VHN-90164
db: BID // id: 85749
db: JVNDB // id: JVNDB-2016-001931
db: CNNVD // id: CNNVD-201603-428
db: NVD // id: CVE-2016-1345

LAST UPDATE DATE

2024-11-23T23:02:38.045000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-90164 // date: 2016-12-03T00:00:00
db: BID // id: 85749 // date: 2016-07-06T14:18:00
db: JVNDB // id: JVNDB-2016-001931 // date: 2016-04-04T00:00:00
db: CNNVD // id: CNNVD-201603-428 // date: 2016-04-01T00:00:00
db: NVD // id: CVE-2016-1345 // date: 2024-11-21T02:46:13.527

SOURCES RELEASE DATE

db: VULHUB // id: VHN-90164 // date: 2016-04-01T00:00:00
db: BID // id: 85749 // date: 2016-03-30T00:00:00
db: JVNDB // id: JVNDB-2016-001931 // date: 2016-04-04T00:00:00
db: CNNVD // id: CNNVD-201603-428 // date: 2016-03-31T00:00:00
db: NVD // id: CVE-2016-1345 // date: 2016-04-01T00:59:00.113