CVE-2016-6417

HIGH

Cisco FireSIGHT System Software <6.1.0 - CSRF

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036918
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93199

Scores

CVSS v3 8.8
EPSS 0.0063
EPSS Percentile 45.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (50)
cisco/firesight_system_software 4.10.2
cisco/firesight_system_software 4.10.2.1
cisco/firesight_system_software 4.10.2.2
cisco/firesight_system_software 4.10.2.3
cisco/firesight_system_software 4.10.2.4
cisco/firesight_system_software 4.10.2.5
cisco/firesight_system_software 4.10.3
cisco/firesight_system_software 4.10.3.1
cisco/firesight_system_software 4.10.3.2
cisco/firesight_system_software 4.10.3.3
... and 40 more
Published Oct 05, 2016
Tracked Since Feb 18, 2026