
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability

cisco-sa-20160928-fmc · Medium · Published · Updated

A cross-site request forgery (CSRF) vulnerability for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc

Workarounds

For additional information about cross-site request forgery attacks and potential mitigation methods, see the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Request Forgery Threat Vectors": http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28726

CVEs: CVE-2016-6417
Cisco Bug IDs: CSCva21636
CVSS Score: Base 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:C)
Product Names From Source: Cisco Firepower System Software

Related Products

Product | CVE | Evidence
Cisco Firepower System Software | CVE-2016-6417 | Cisco OpenVuln
Cisco Firepower Management Center | CVE-2016-6417 | Cisco OpenVuln