Sign-up

ID

VAR-201605-0547


CVE

CVE-2016-1368


TITLE

Cisco FirePOWER System Software Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-02806 // CNNVD: CNNVD-201605-108

DESCRIPTION

Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. Vendors have confirmed this vulnerability Bug ID CSCuu86214 It is released as.Denial of service operation via a packet crafted by a third party ( Stop packet processing ) There is a possibility of being put into a state. Cisco Firepower is an advanced firewall family. An unauthenticated remote attacker can cause the affected device to refuse service. Successful exploits may allow an attacker to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuu86214

Trust: 2.52

sources: NVD: CVE-2016-1368 // JVNDB: JVNDB-2016-002693 // CNVD: CNVD-2016-02806 // BID: 89933 // VULHUB: VHN-90187

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-02806

AFFECTED PRODUCTS

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.1

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0.6

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0.1

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0.4

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0.2

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0.5

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0.3

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.7

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.6

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.4

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.4

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.5

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.3

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.7

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.1

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.2

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.2

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.3

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.2.0.8

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.3

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.1

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.6

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.2

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.5

Trust: 1.0

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.0.6 for up to 5.3.x

Trust: 0.8

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.3 for up to 5.4.x

Trust: 0.8

vendor:ciscomodel:firepower system softwarescope:gteversion:5.3.0,<=5.3.0.6

Trust: 0.6

vendor:ciscomodel:firepower system softwarescope:gteversion:5.4.0<=5.4.0.3

Trust: 0.6

sources: CNVD: CNVD-2016-02806 // JVNDB: JVNDB-2016-002693 // CNNVD: CNNVD-201605-108 // NVD: CVE-2016-1368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1368
value: HIGH

Trust: 1.0

NVD: CVE-2016-1368
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-02806
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-108
value: HIGH

Trust: 0.6

VULHUB: VHN-90187
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1368
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-02806
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90187
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1368
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-02806 // VULHUB: VHN-90187 // JVNDB: JVNDB-2016-002693 // CNNVD: CNNVD-201605-108 // NVD: CVE-2016-1368

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-90187 // JVNDB: JVNDB-2016-002693 // NVD: CVE-2016-1368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-108

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201605-108

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002693

PATCH
title:cisco-sa-20160504-firepowerurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower
Trust: 0.8
title:Patch for CiscoFirePOWER SystemSoftware Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/75290
Trust: 0.6
title:Cisco FirePOWER System Software Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61431
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-02806 // 
            
            
            
            JVNDB: JVNDB-2016-002693 // 
            
            
            
            CNNVD: CNNVD-201605-108

EXTERNAL IDS
db:NVDid:CVE-2016-1368
Trust: 3.4
db:JVNDBid:JVNDB-2016-002693
Trust: 0.8
db:CNNVDid:CNNVD-201605-108
Trust: 0.7
db:CNVDid:CNVD-2016-02806
Trust: 0.6
db:BIDid:89933
Trust: 0.3
db:VULHUBid:VHN-90187
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-02806 // 
            
            
            
            VULHUB: VHN-90187 // 
            
            
            
            BID: 89933 // 
            
            
            
            JVNDB: JVNDB-2016-002693 // 
            
            
            
            CNNVD: CNNVD-201605-108 // 
            
            
            
            NVD: CVE-2016-1368

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-firepower
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1368
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1368
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-02806 // 
            
            
            
            VULHUB: VHN-90187 // 
            
            
            
            BID: 89933 // 
            
            
            
            JVNDB: JVNDB-2016-002693 // 
            
            
            
            CNNVD: CNNVD-201605-108 // 
            
            
            
            NVD: CVE-2016-1368

CREDITS
Cisco
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201605-108

SOURCES
db:CNVDid:CNVD-2016-02806
db:VULHUBid:VHN-90187
db:BIDid:89933
db:JVNDBid:JVNDB-2016-002693
db:CNNVDid:CNNVD-201605-108
db:NVDid:CVE-2016-1368

LAST UPDATE DATE
2024-11-23T22:56:22.004000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-02806date:2016-05-09T00:00:00
db:VULHUBid:VHN-90187date:2016-05-09T00:00:00
db:BIDid:89933date:2016-07-06T14:36:00
db:JVNDBid:JVNDB-2016-002693date:2016-05-17T00:00:00
db:CNNVDid:CNNVD-201605-108date:2016-05-06T00:00:00
db:NVDid:CVE-2016-1368date:2024-11-21T02:46:16.167

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-02806date:2016-05-09T00:00:00
db:VULHUBid:VHN-90187date:2016-05-05T00:00:00
db:BIDid:89933date:2016-05-04T00:00:00
db:JVNDBid:JVNDB-2016-002693date:2016-05-17T00:00:00
db:CNNVDid:CNNVD-201605-108date:2016-05-05T00:00:00
db:NVDid:CVE-2016-1368date:2016-05-05T21:59:00.470