CVE-2015-6357

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

Severity	MEDIUM
CVSS	6.8
CWE	CWE-20
KEV
Published	10 years ago
Modified	1 week ago

Related Products

Product	Advisory
Cisco Secure Firewall Management Center (FMC)	cisco-sa-20151116-fmc
Cisco RV Series Routers	cisco-sa-20151116-fmc
Cisco Nexus Dashboard	cisco-sa-20151116-fmc
Cisco Firepower System Software	cisco-sa-20151116-fmc