CVE-2016-1356
LOWCisco FireSIGHT System Software 6.1.0 - Info Disclosure
Title source: llmDescription
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.
Scores
CVSS v3
3.7
EPSS
0.0024
EPSS Percentile
46.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-287
CWE-255
Status
draft
Affected Products (1)
cisco/firesight_system_software
Timeline
Published
Mar 03, 2016
Tracked Since
Feb 18, 2026