Cisco Firesight System Software — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Firesight System Software, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2016-6394 — CVSS 9.1 (critical): Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote…
CVE-2015-6335 — CVSS 9.0 (critical): The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated…
CVE-2016-6417 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center…
CVE-2016-1394 — CVSS 8.6 (high): Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by…
CVE-2016-1345 — CVSS 7.5 (high): Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass…
CVE-2016-6460 — CVSS 7.5 (high): A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software…
CVE-2016-9193 — CVSS 7.5 (high): A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System…
CVE-2016-1368 — CVSS 7.5 (high): Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced…
CVE-2016-6411 — CVSS 7.5 (high): Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which…
CVE-2016-1463 — CVSS 7.5 (high): Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in…
CVE-2017-6766 — CVSS 7.5 (high): A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0…
CVE-2015-6419 — CVSS 6.8 (medium): Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary…
CVE-2015-4242 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows…
CVE-2015-6357 — CVSS 6.8 (medium): The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the…
CVE-2017-6735 — CVSS 6.7 (medium): A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to…
CVE-2016-6420 — CVSS 6.5 (medium): Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass…
CVE-2016-6471 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an…
CVE-2015-4302 — CVSS 6.4 (medium): The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified…
CVE-2016-1294 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to…
CVE-2016-1293 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow…
CVE-2016-1355 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0…
CVE-2015-0706 — CVSS 5.8 (medium): Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote…
CVE-2015-0773 — CVSS 5.5 (medium): Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified…
CVE-2016-6395 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and…
CVE-2016-6396 — CVSS 5.3 (medium): Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled…
CVE-2015-6427 — CVSS 5.0 (medium): Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules…
CVE-2015-0766 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco…
CVE-2015-0737 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary…
CVE-2015-4270 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject…
CVE-2015-0739 — CVSS 4.0 (medium): The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote…
CVE-2016-1356 — CVSS 3.7 (low): Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote…
CVE-2015-0707 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote…
CVE-2015-6363 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow…
CVE-2015-6354 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated…
CVE-2015-6353 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow…