Lucene search

CiscoCVE-2016-1345

HistoryApr 01, 2016 - 12:59 a.m.

CVE-2016-1345

2016-04-0100:59:00

CWE-20

cisco

web.nvd.nist.gov

cisco

firesight

asa

firepower

malware protection

bypass

cve-2016-1345

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

Affected configurations

Nvd

Node

ciscoasa_with_firepower_servicesMatch5.4.0

ciscoasa_with_firepower_servicesMatch5.4.0.1

ciscoasa_with_firepower_servicesMatch5.4.0.2

ciscoasa_with_firepower_servicesMatch5.4.0.3

ciscoasa_with_firepower_servicesMatch5.4.0.4

ciscoasa_with_firepower_servicesMatch5.4.0.5

ciscoasa_with_firepower_servicesMatch5.4.0.6

ciscoasa_with_firepower_servicesMatch6.0.0

ciscoasa_with_firepower_servicesMatch6.0.0.1

ciscofiresight_system_softwareMatch5.4.0

ciscofiresight_system_softwareMatch5.4.0.1

ciscofiresight_system_softwareMatch5.4.0.2

ciscofiresight_system_softwareMatch5.4.0.3

ciscofiresight_system_softwareMatch5.4.0.4

ciscofiresight_system_softwareMatch5.4.0.5

ciscofiresight_system_softwareMatch5.4.0.6

ciscofiresight_system_softwareMatch5.4.1

ciscofiresight_system_softwareMatch5.4.1.2

ciscofiresight_system_softwareMatch5.4.1.3

ciscofiresight_system_softwareMatch5.4.1.4

ciscofiresight_system_softwareMatch6.0.0

ciscofiresight_system_softwareMatch6.0.0.1

ciscofiresight_system_softwareMatch6.0.1

VendorProductVersionCPE
ciscoasa_with_firepower_services5.4.0cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*
ciscoasa_with_firepower_services5.4.0.1cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*
ciscoasa_with_firepower_services5.4.0.2cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*
ciscoasa_with_firepower_services5.4.0.3cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*
ciscoasa_with_firepower_services5.4.0.4cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*
ciscoasa_with_firepower_services5.4.0.5cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*
ciscoasa_with_firepower_services5.4.0.6cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*
ciscoasa_with_firepower_services6.0.0cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*
ciscoasa_with_firepower_services6.0.0.1cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*
ciscofiresight_system_software5.4.0cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	asa_with_firepower_services	5.4.0	cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:::::::*
cisco	asa_with_firepower_services	5.4.0.1	cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:::::::*
cisco	asa_with_firepower_services	5.4.0.2	cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:::::::*
cisco	asa_with_firepower_services	5.4.0.3	cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:::::::*
cisco	asa_with_firepower_services	5.4.0.4	cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:::::::*
cisco	asa_with_firepower_services	5.4.0.5	cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:::::::*
cisco	asa_with_firepower_services	5.4.0.6	cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:::::::*
cisco	asa_with_firepower_services	6.0.0	cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:::::::*
cisco	asa_with_firepower_services	6.0.0.1	cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:::::::*
cisco	firesight_system_software	5.4.0	cpe:2.3:a:cisco:firesight_system_software:5.4.0:::::::*

Rows per page:

1-10 of 231

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

www.securitytracker.com/id/1035437

www.securitytracker.com/id/1035438

www.securitytracker.com/id/1035439

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Related for CVE-2016-1345