Description
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036918
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93199
Scores
CVSS v3
8.8
EPSS
0.0063
EPSS Percentile
45.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (50)
cisco/firesight_system_software
4.10.2
cisco/firesight_system_software
4.10.2.1
cisco/firesight_system_software
4.10.2.2
cisco/firesight_system_software
4.10.2.3
cisco/firesight_system_software
4.10.2.4
cisco/firesight_system_software
4.10.2.5
cisco/firesight_system_software
4.10.3
cisco/firesight_system_software
4.10.3.1
cisco/firesight_system_software
4.10.3.2
cisco/firesight_system_software
4.10.3.3
... and 40 more
Published
Oct 05, 2016
Tracked Since
Feb 18, 2026