Vulnslist

find the latest Cisco vulnerabilities

Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability

cisco-sa-20160921-fmc · Medium · Published · Updated

A vulnerability in SSL inspection for Cisco Firepower Management Center and Cisco FireSIGHT System software could allow an unauthenticated, remote attacker to bypass configured do-not-decrypt rules in the SSL policy rule set. The vulnerability is due to lack of verification of the user input parameters within the HTTP URL against the SSL certificate. An attacker could exploit this vulnerability by sending a crafted HTTP URL to the targeted system. An exploit could allow the attacker to bypass configured SSL inspection rules. The SSL inspection do-not-decrypt rule should force a connection to be permanently encrypted. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc

Cisco advisory ·CSAF JSON

Workarounds

Workarounds that address this vulnerability are not available.

CVEsCVE-2016-6411
Cisco Bug IDsCSCva50585
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Firepower System Software

Related Products

Product CVE Evidence
Cisco Firepower System Software CVE-2016-6411 Cisco OpenVuln
Cisco Firepower Management Center CVE-2016-6411 Cisco OpenVuln