CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-6357

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.063

EPSS Ranking 90.5%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2015-6357

Cisco » Firesight System Software » Version: 5.2.0

cpe:2.3:a:cisco:firesight_system_software:5.2.0
Cisco » Firesight System Software » Version: 5.3.0

cpe:2.3:a:cisco:firesight_system_software:5.3.0
Cisco » Firesight System Software » Version: 5.3.1.1

cpe:2.3:a:cisco:firesight_system_software:5.3.1.1
Cisco » Firesight System Software » Version: 5.3.1.2

cpe:2.3:a:cisco:firesight_system_software:5.3.1.2
Cisco » Firesight System Software » Version: 5.3.1.5

cpe:2.3:a:cisco:firesight_system_software:5.3.1.5
Cisco » Firesight System Software » Version: 5.4.0

cpe:2.3:a:cisco:firesight_system_software:5.4.0
Cisco » Firesight System Software » Version: 5.4.0.1

cpe:2.3:a:cisco:firesight_system_software:5.4.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-6357

Products

Pricing

Contact Us