Vulnslist

Cisco FireSIGHT Management Center Certificate Validation Vulnerability

cisco-sa-20151116-fmc · Medium · Published · Updated

A vulnerability in the rule update functionality of Cisco FireSIGHT Management Center (MC) could allow an unauthenticated, remote attacker to manipulate the content of the rule update packages and execute arbitrary code on the system. The vulnerability is due to lack of certificate validation during the HTTPS connection toward support.sourcefire.com to download the rule update package. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) to enable manipulation of the rule update package content. An exploit could allow the attacker to execute arbitrary code on the system with the privileges of the web server. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc

Workarounds

Possible workarounds to avoid a DNS hijacking attack follow:

1. Turn off automatic updates and, before manually initiating a rule update, verify that the support.sourcefire.com host resolves to one of the IP addresses from the pool listed in this section.

2. Configure the firewall to allow the IP address of the MC to connect externally only toward a limited set of addresses, including the support.sourcefire.com address pool listed in this section and 198.148.79.58 (intelligence.sourcefire.com).

Both workarounds only constrain where the MC is allowed to connect; neither restores certificate validation, so an attacker who is already on the network path to the legitimate addresses is not stopped by them.

The following IP addresses are the address pool for support.sourcefire.com:

50.19.123.95
50.16.210.129
54.221.210.248
54.221.211.1
54.221.212.60
54.221.212.170
54.221.212.241
54.221.213.96
54.221.213.209
54.221.214.25
54.221.214.81
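The two workarounds above, as an added example that is not Cisco's code and not part of the advisory: a Python helper that checks the name resolution for support.sourcefire.com against the published pool, emits an egress allowlist for the MC, and flags MC connections that leave the pool. Host names and addresses are those listed in the advisory; the MC address 10.10.1.5, the iptables syntax and the sample connection records are assumptions. The two TLS contexts at the end illustrate the vulnerability class the advisory describes (a client that accepts any certificate, beside one that validates), not the FMC implementation itself.

```python
"""Added example for cisco-sa-20151116-fmc (not Cisco's code).

Automates the two interim workarounds from the advisory and contrasts the
missing-validation TLS pattern that caused the issue with a validating
client.  The MC address, firewall syntax and log records are assumptions.
"""
import ipaddress
import socket
import ssl

RULE_UPDATE_HOST = "support.sourcefire.com"
INTEL_HOST = "intelligence.sourcefire.com"

# Address pool published in the advisory (support.sourcefire.com) plus the
# intelligence feed address named in workaround 2.
ALLOWED_POOL = {
    RULE_UPDATE_HOST: frozenset({
        "50.19.123.95", "50.16.210.129", "54.221.210.248", "54.221.211.1",
        "54.221.212.60", "54.221.212.170", "54.221.212.241", "54.221.213.96",
        "54.221.213.209", "54.221.214.25", "54.221.214.81",
    }),
    INTEL_HOST: frozenset({"198.148.79.58"}),
}
ALL_ALLOWED = frozenset().union(*ALLOWED_POOL.values())


def unexpected_addresses(host, resolved):
    """Workaround 1: resolved addresses that are not in the pool for host.

    A non-empty result means the name resolves somewhere the advisory did not
    list (resolver hijacked, or the pool changed); do not start the update.
    """
    return sorted(ip for ip in resolved if ip not in ALLOWED_POOL[host])


def resolve_ipv4(host):
    """Ask the system resolver for host's A records (network call)."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def egress_rules(mc_ip, chain="FORWARD"):
    """Workaround 2 as iptables rules for a Linux firewall in front of the MC.

    The iptables syntax is an assumption for illustration; adapt it to the
    firewall in use.  443/tcp to each pooled address is accepted, anything
    else sourced from the MC is logged and dropped.
    """
    rules = []
    for host in (RULE_UPDATE_HOST, INTEL_HOST):
        for ip in sorted(ALLOWED_POOL[host], key=ipaddress.IPv4Address):
            rules.append(f"iptables -A {chain} -s {mc_ip} -d {ip} "
                         f"-p tcp --dport 443 -j ACCEPT  # {host}")
    rules.append(f"iptables -A {chain} -s {mc_ip} -j LOG "
                 f"--log-prefix 'FMC-EGRESS-DENY '")
    rules.append(f"iptables -A {chain} -s {mc_ip} -j DROP")
    return rules


# Constructed connection records (src, dst, dport) standing in for parsed
# firewall logs; not real traffic.
SAMPLE_RECORDS = [
    ("10.10.1.5", "54.221.212.60", 443),  # rule update fetch to a pooled IP
    ("10.10.1.5", "198.148.79.58", 443),  # intelligence feed
    ("10.10.1.5", "203.0.113.7", 443),    # MC reaching an unlisted host
    ("10.10.1.9", "203.0.113.7", 443),    # some other host, not the MC
]


def flag_unexpected_egress(records, mc_ip):
    """Detection view of workaround 2: HTTPS from the MC to non-pool addresses."""
    return [r for r in records
            if r[0] == mc_ip and r[2] == 443 and r[1] not in ALL_ALLOWED]


def insecure_tls_context():
    """The vulnerability class: a client that accepts any certificate.

    Illustrates the pattern the advisory describes, not Cisco's code.  With
    CERT_NONE, whoever answers on a hijacked address can serve the package.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_tls_context(ca_bundle=None):
    """The real fix: require a chain to a trusted CA and a matching hostname."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_validates(ctx):
    """True only if the context verifies both the chain and the hostname."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    try:
        bad = unexpected_addresses(RULE_UPDATE_HOST, resolve_ipv4(RULE_UPDATE_HOST))
        print("safe to update" if not bad else f"STOP, unexpected addresses: {bad}")
    except socket.gaierror as exc:
        print(f"resolution failed: {exc}")
    print("\n".join(egress_rules("10.10.1.5")))
    print(flag_unexpected_egress(SAMPLE_RECORDS, "10.10.1.5"))
```

Run the resolution check from the same resolver the MC uses, since a hijack of a different resolver tells you nothing about what the MC will see. The address pinning is a stopgap: it decides where the MC may connect, while only a validating TLS context (the `hardened_tls_context` pattern) stops a tampered package from an attacker already on the path. Re-check the pool against the current advisory before relying on it; the list dates from 2015.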

CVEs: CVE-2015-6357
Cisco Bug IDs: CSCuw06444
CVSS v2 Base Score: 5.1
CVSS v2 Vector (base and temporal metrics): AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:C
Product Names From Source: Cisco Firepower System Software

Related Products

Product: Cisco Firepower System Software
CVE: CVE-2015-6357
Evidence: Cisco OpenVuln