CVE-2015-6357
Cisco FireSIGHT Management Center 5.2-5.4.0.1 - Remote Code Execution via Rule Update Certificate Spoofing
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-6357. PoCs published by mattimustang.
AI-analyzed exploit summary This exploit chains CVE-2015-6357 (Cisco FireSIGHT SSL validation vulnerability) with a man-in-the-middle attack to deliver a malicious update script, achieving remote command execution as root via a reverse shell.
Description
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
Exploits (1)
This exploit chains CVE-2015-6357 (Cisco FireSIGHT SSL validation vulnerability) with a man-in-the-middle attack to deliver a malicious update script, achieving remote command execution as root via a reverse shell.