CVE-2016-6396

MEDIUM

Cisco FireSIGHT System Software < 6.1 - Malware Detection Bypass via HTTP Header Field Manipulation

Title source: llm
STIX 2.1

Description

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92826
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036756

Scores

CVSS v3 5.3
EPSS 0.0124
EPSS Percentile 65.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (50)
cisco/firesight_system_software 5.1.0
cisco/firesight_system_software 5.1.0.1
cisco/firesight_system_software 5.1.0.2
cisco/firesight_system_software 5.1.0.3
cisco/firesight_system_software 5.1.1
cisco/firesight_system_software 5.1.1.1
cisco/firesight_system_software 5.1.1.2
cisco/firesight_system_software 5.1.1.3
cisco/firesight_system_software 5.1.1.4
cisco/firesight_system_software 5.1.1.5
... and 40 more
Published Sep 12, 2016
Tracked Since Feb 18, 2026