CVE-2016-6396

MEDIUM

Cisco Firepower <6.1 - Auth Bypass

Title source: llm

Description

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.

References (3)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92826

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036756

Scores

CVSS v3 5.3

EPSS 0.0043

EPSS Percentile 62.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-20

Status published

Affected Products (50)

cisco/firesight_system_software

... and 35 more

Timeline

Published Sep 12, 2016

Tracked Since Feb 18, 2026