Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability

cisco-sa-20160727-firesight · Medium · Published 9 years ago · Updated 9 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in Snort rule detection in Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass configured rules that use Snort detection.   The vulnerability is due to improper handling of HTTP header parameters. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. An exploit could allow the attacker to bypass configured rules that use Snort detection. Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight

Cisco advisory ·CSAF JSON

Workarounds

Workarounds that address this vulnerability are not available.

CVEs	CVE-2016-1463
Cisco Bug IDs	CSCuz20737
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:C

Products with public affected evidence

Product	CVE	Affected evidence
Cisco Firepower System Software	CVE-2016-1463	structured affected CSAF product_status