ID

VAR-201609-0306


CVE

CVE-2016-6394


TITLE

Web session hijacking vulnerability in Cisco Firepower Management Center and FireSIGHT System Software

Trust: 0.8

sources: JVNDB: JVNDB-2016-004635

DESCRIPTION

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. The vendor has published this vulnerability as Bug ID CSCuz80503. A third party may hijack web sessions via a session ID. An attacker can exploit this issue to hijack an arbitrary session and gain unauthorized access to the affected application. This issue is being tracked by Cisco Bug ID CSCuz8050

Trust: 1.98

sources: NVD: CVE-2016-6394 // JVNDB: JVNDB-2016-004635 // BID: 92825 // VULHUB: VHN-95214

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: 6.1.0

Trust: 1.9

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.1

Trust: 1.9

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.2

Trust: 1.9

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.3

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.4

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.5

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.7

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.5

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.3

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.6

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.0

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.2

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.1

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.4

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.3

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.2

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.1

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.2

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.3

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.8

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.5

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.7

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.6

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.3

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.5

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.0.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.2

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.6

Trust: 1.0

vendor: cisco, model: firepower management center, scope: lte, version: 6.1.0

Trust: 0.8

vendor: cisco, model: firesight system software, scope: lte, version: 6.1.0

Trust: 0.8

vendor: cisco, model: firesight system software, scope: eq, version: 5.4

Trust: 0.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3

Trust: 0.3

vendor: cisco, model: firesight system software, scope: eq, version: 6.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.0.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 4.10.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.0.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.1.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.0.4

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.0.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.0.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 4.10.3.9

Trust: 0.3

sources: BID: 92825 // JVNDB: JVNDB-2016-004635 // CNNVD: CNNVD-201609-108 // NVD: CVE-2016-6394

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6394
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6394
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201609-108
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95214
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6394
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95214
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6394
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95214 // JVNDB: JVNDB-2016-004635 // CNNVD: CNNVD-201609-108 // NVD: CVE-2016-6394

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-95214 // JVNDB: JVNDB-2016-004635 // NVD: CVE-2016-6394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-108

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201609-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004635

PATCH

title: cisco-sa-20160907-fsmc
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc

Trust: 0.8

sources: JVNDB: JVNDB-2016-004635

EXTERNAL IDS

db: NVD, id: CVE-2016-6394

Trust: 2.8

db: BID, id: 92825

Trust: 2.0

db: SECTRACK, id: 1036757

Trust: 1.1

db: JVNDB, id: JVNDB-2016-004635

Trust: 0.8

db: CNNVD, id: CNNVD-201609-108

Trust: 0.7

db: NSFOCUS, id: 34782

Trust: 0.6

db: VULHUB, id: VHN-95214

Trust: 0.1

sources: VULHUB: VHN-95214 // BID: 92825 // JVNDB: JVNDB-2016-004635 // CNNVD: CNNVD-201609-108 // NVD: CVE-2016-6394

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160907-fsmc

Trust: 2.0

url:http://www.securityfocus.com/bid/92825

Trust: 1.7

url:http://www.securitytracker.com/id/1036757

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6394

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6394

Trust: 0.8

url:http://www.nsfocus.net/vulndb/34782

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95214 // BID: 92825 // JVNDB: JVNDB-2016-004635 // CNNVD: CNNVD-201609-108 // NVD: CVE-2016-6394

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92825

SOURCES

db: VULHUB, id: VHN-95214
db: BID, id: 92825
db: JVNDB, id: JVNDB-2016-004635
db: CNNVD, id: CNNVD-201609-108
db: NVD, id: CVE-2016-6394

LAST UPDATE DATE

2024-11-23T22:38:43.554000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95214, date: 2016-11-28T00:00:00
db: BID, id: 92825, date: 2016-09-07T00:00:00
db: JVNDB, id: JVNDB-2016-004635, date: 2016-09-14T00:00:00
db: CNNVD, id: CNNVD-201609-108, date: 2016-09-13T00:00:00
db: NVD, id: CVE-2016-6394, date: 2024-11-21T02:56:02.767

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95214, date: 2016-09-12T00:00:00
db: BID, id: 92825, date: 2016-09-07T00:00:00
db: JVNDB, id: JVNDB-2016-004635, date: 2016-09-14T00:00:00
db: CNNVD, id: CNNVD-201609-108, date: 2016-09-08T00:00:00
db: NVD, id: CVE-2016-6394, date: 2016-09-12T10:59:07.287