CVE-2015-6357

Cisco FireSIGHT Management Center 5.2-5.4.0.1 - Remote Code Execution via Rule Update Certificate Spoofing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6357. PoCs published by mattimustang.

AI-analyzed exploit summary This exploit chains CVE-2015-6357 (Cisco FireSIGHT SSL validation vulnerability) with a man-in-the-middle attack to deliver a malicious update script, achieving remote command execution as root via a reverse shell.

Description

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

Exploits (1)

nomisec WORKING POC 6 stars
by mattimustang · poc
https://github.com/mattimustang/firepwner

This exploit chains CVE-2015-6357 (Cisco FireSIGHT SSL validation vulnerability) with a man-in-the-middle attack to deliver a malicious update script, achieving remote command execution as root via a reverse shell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cisco FireSIGHT Management Center (versions 5.2.0, 5.3.0, 5.4.0, 5.4.1.1, 5.4.1.2)
No auth needed
Prerequisites: Man-in-the-middle position (e.g., DNS spoofing, ARP poisoning) · FireSIGHT server configured to use attacker-controlled DNS · Network access to the target
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034161
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536913/100/0/threaded
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Nov/79

Scores

EPSS 0.0263
EPSS Percentile 83.7%

Details

CWE
CWE-20
Status published
Products (7)
cisco/firesight_system_software 5.2.0
cisco/firesight_system_software 5.3.0
cisco/firesight_system_software 5.3.1.1
cisco/firesight_system_software 5.3.1.2
cisco/firesight_system_software 5.3.1.5
cisco/firesight_system_software 5.4.0
cisco/firesight_system_software 5.4.0.1
Published Nov 18, 2015
Tracked Since Feb 18, 2026