Vulnslist

Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability

Cisco-SA-20150727-CVE-2015-4287 · Medium · Published · Updated

A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certain web page on the Cisco Firepower 9000 device that should be restricted to authenticated users. An exploit could allow the attacker to access details about the Cisco Firepower 9000 device that should be available only to an authenticated user.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, an attacker may need access to trusted, internal networks to access a certain web page on the device. This requirement could make exploitation difficult in environments that restrict network access from untrusted sources. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2015-4287
Cisco Bug IDs: CSCuu82230
CVSS Score: Base 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C)
Product Names From Source: Cisco Firepower Extensible Operating System, Firepower Extensible Operating System

Related Products

Product | CVE | Evidence
Firepower Extensible Operating System | CVE-2015-4287 | Cisco OpenVuln
Cisco Firepower Extensible Operating System | CVE-2015-4287 | Cisco OpenVuln
Cisco Firepower 9000 Series | CVE-2015-4287 | Cisco OpenVuln