CVE-2016-9209

MEDIUM

Cisco FirePOWER system software - Info Disclosure

Title source: llm

Description

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94817

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr

Scores

CVSS v3 4.3

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-254

Status published

Affected Products (14)

cisco/firepower_services_for_adaptive_security_appliance

n/a/Cisco FirePOWER < Cisco FirePOWER

Timeline

Published Dec 14, 2016

Tracked Since Feb 18, 2026