CVE-2016-6396
MEDIUMCisco FireSIGHT System Software < 6.1 - Malware Detection Bypass via HTTP Header Field Manipulation
Title source: llmDescription
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92826
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036756
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1
Scores
CVSS v3
5.3
EPSS
0.0124
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (50)
cisco/firesight_system_software
5.1.0
cisco/firesight_system_software
5.1.0.1
cisco/firesight_system_software
5.1.0.2
cisco/firesight_system_software
5.1.0.3
cisco/firesight_system_software
5.1.1
cisco/firesight_system_software
5.1.1.1
cisco/firesight_system_software
5.1.1.2
cisco/firesight_system_software
5.1.1.3
cisco/firesight_system_software
5.1.1.4
cisco/firesight_system_software
5.1.1.5
... and 40 more
Published
Sep 12, 2016
Tracked Since
Feb 18, 2026