Description
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035437
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035439
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035438
Scores
CVSS v3
7.5
EPSS
0.0140
EPSS Percentile
69.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (23)
cisco/asa_with_firepower_services
5.4.0
cisco/asa_with_firepower_services
5.4.0.1
cisco/asa_with_firepower_services
5.4.0.2
cisco/asa_with_firepower_services
5.4.0.3
cisco/asa_with_firepower_services
5.4.0.4
cisco/asa_with_firepower_services
5.4.0.5
cisco/asa_with_firepower_services
5.4.0.6
cisco/asa_with_firepower_services
6.0.0
cisco/asa_with_firepower_services
6.0.0.1
cisco/firesight_system_software
5.4.0
... and 13 more
Published
Apr 01, 2016
Tracked Since
Feb 18, 2026