ID

VAR-201610-0268


CVE

CVE-2016-6417


TITLE

Cisco FireSIGHT System Software and Firepower Management Center vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2016-005159

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. The vendor has confirmed this vulnerability and released it as Bug ID CSCva21636. A third party may be able to hijack the authentication of any user. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCva21636.

Trust: 1.98

sources: NVD: CVE-2016-6417 // JVNDB: JVNDB-2016-005159 // BID: 93199 // VULHUB: VHN-95237

AFFECTED PRODUCTS

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.1.1

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.6

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.2

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0.7

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0.2

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.5

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.3

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0.6

Trust: 1.6

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.1.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.8

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.2.5

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.2.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.2.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0.8

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0.5

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.2.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.9

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.1.7

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 6.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.0

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.6

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.1.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.5

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0.5

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.2.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.10

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 6.1.0

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.1.5

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.8

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 6.0.0

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.0.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.1.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.1.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.0

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.4.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.9

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.7

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.5

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.6

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.3.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 6.0.0.1

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.4

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.11

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.1.10

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.3.2

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.1.0.3

Trust: 1.0

vendor: cisco // model: firesight system software // scope: eq // version: 5.2.0.6

Trust: 1.0

vendor: cisco // model: firepower management center // scope: - // version: -

Trust: 0.8

vendor: cisco // model: firesight system software // scope: eq // version: 4.10.2 to 6.1.0

Trust: 0.8

vendor: cisco // model: firesight system software // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: firepower management center // scope: eq // version: 0

Trust: 0.3

sources: BID: 93199 // JVNDB: JVNDB-2016-005159 // CNNVD: CNNVD-201609-640 // NVD: CVE-2016-6417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6417
value: HIGH

Trust: 1.0

NVD: CVE-2016-6417
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201609-640
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95237
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6417
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95237
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6417
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95237 // JVNDB: JVNDB-2016-005159 // CNNVD: CNNVD-201609-640 // NVD: CVE-2016-6417

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-95237 // JVNDB: JVNDB-2016-005159 // NVD: CVE-2016-6417

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-640

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201609-640

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005159

PATCH

title: cisco-sa-20160928-fmc // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc

Trust: 0.8

sources: JVNDB: JVNDB-2016-005159

EXTERNAL IDS

db: NVD // id: CVE-2016-6417

Trust: 2.8

db: BID // id: 93199

Trust: 2.0

db: SECTRACK // id: 1036918

Trust: 1.1

db: JVNDB // id: JVNDB-2016-005159

Trust: 0.8

db: CNNVD // id: CNNVD-201609-640

Trust: 0.7

db: VULHUB // id: VHN-95237

Trust: 0.1

sources: VULHUB: VHN-95237 // BID: 93199 // JVNDB: JVNDB-2016-005159 // CNNVD: CNNVD-201609-640 // NVD: CVE-2016-6417

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-fmc

Trust: 2.0

url:http://www.securityfocus.com/bid/93199

Trust: 1.7

url:http://www.securitytracker.com/id/1036918

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6417

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6417

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95237 // BID: 93199 // JVNDB: JVNDB-2016-005159 // CNNVD: CNNVD-201609-640 // NVD: CVE-2016-6417

CREDITS

Cisco

Trust: 0.9

sources: BID: 93199 // CNNVD: CNNVD-201609-640

SOURCES

db: VULHUB // id: VHN-95237
db: BID // id: 93199
db: JVNDB // id: JVNDB-2016-005159
db: CNNVD // id: CNNVD-201609-640
db: NVD // id: CVE-2016-6417

LAST UPDATE DATE

2024-11-23T22:13:13.337000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-95237 // date: 2017-07-30T00:00:00
db: BID // id: 93199 // date: 2016-10-03T04:01:00
db: JVNDB // id: JVNDB-2016-005159 // date: 2016-10-13T00:00:00
db: CNNVD // id: CNNVD-201609-640 // date: 2016-10-11T00:00:00
db: NVD // id: CVE-2016-6417 // date: 2024-11-21T02:56:05.433

SOURCES RELEASE DATE

db: VULHUB // id: VHN-95237 // date: 2016-10-05T00:00:00
db: BID // id: 93199 // date: 2016-09-28T00:00:00
db: JVNDB // id: JVNDB-2016-005159 // date: 2016-10-13T00:00:00
db: CNNVD // id: CNNVD-201609-640 // date: 2016-09-29T00:00:00
db: NVD // id: CVE-2016-6417 // date: 2016-10-05T17:59:06.820