ID
VAR-201612-0359
CVE
CVE-2016-9193
TITLE
Cisco Firepower Management Center and FireSIGHT system Vulnerabilities that bypass software malware detection mechanisms
Trust: 0.8
DESCRIPTION
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvb27494
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | firesight system software | scope: | eq | version: | 6.0.0 | Trust: 2.4 |
| vendor: | cisco | model: | firesight system software | scope: | eq | version: | 6.0.0.0 | Trust: 2.4 |
| vendor: | cisco | model: | firesight system software | scope: | eq | version: | 6.0.0.1 | Trust: 2.4 |
| vendor: | cisco | model: | firesight system software | scope: | eq | version: | 6.0.1 | Trust: 1.8 |
| vendor: | cisco | model: | firesight system software | scope: | eq | version: | 6.0.1.1 | Trust: 1.8 |
| vendor: | cisco | model: | firesight system software | scope: | eq | version: | 6.1.0 | Trust: 1.8 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.0.0.1 | Trust: 1.4 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.0.1 | Trust: 1.4 |
| vendor: | cisco | model: | secure firewall management center | scope: | eq | version: | 6.1.0 | Trust: 1.0 |
| vendor: | cisco | model: | secure firewall management center | scope: | eq | version: | 6.0.1.1 | Trust: 1.0 |
| vendor: | cisco | model: | secure firewall management center | scope: | eq | version: | 6.0.0.1 | Trust: 1.0 |
| vendor: | cisco | model: | secure firewall management center | scope: | eq | version: | 6.0.0 | Trust: 1.0 |
| vendor: | cisco | model: | secure firewall management center | scope: | eq | version: | 6.0.0.0 | Trust: 1.0 |
| vendor: | cisco | model: | secure firewall management center | scope: | eq | version: | 6.0.1 | Trust: 1.0 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.0.0 | Trust: 0.8 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.0.0.0 | Trust: 0.8 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.0.1.1 | Trust: 0.8 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.1.0 | Trust: 0.8 |
| vendor: | cisco | model: | firesight system software | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20161207-firepower | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-9193 | Trust: 2.8 |
| db: | BID | id: | 94801 | Trust: 1.4 |
| db: | SECTRACK | id: | 1037421 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-006315 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201612-218 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-98013 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-firepower | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/94801 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1037421 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9193 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9193 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-98013 |
| db: | BID | id: | 94801 |
| db: | JVNDB | id: | JVNDB-2016-006315 |
| db: | CNNVD | id: | CNNVD-201612-218 |
| db: | NVD | id: | CVE-2016-9193 |
LAST UPDATE DATE
2024-11-27T22:53:46.973000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-98013 | date: | 2016-12-23T00:00:00 |
| db: | BID | id: | 94801 | date: | 2016-12-20T01:08:00 |
| db: | JVNDB | id: | JVNDB-2016-006315 | date: | 2016-12-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201612-218 | date: | 2016-12-12T00:00:00 |
| db: | NVD | id: | CVE-2016-9193 | date: | 2024-11-26T16:09:02.407 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-98013 | date: | 2016-12-14T00:00:00 |
| db: | BID | id: | 94801 | date: | 2016-12-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-006315 | date: | 2016-12-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201612-218 | date: | 2016-12-09T00:00:00 |
| db: | NVD | id: | CVE-2016-9193 | date: | 2016-12-14T00:59:16.973 |