CISCO : Cisco FireSIGHT System Software Malware Bypass Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106233

Categoría: CISCO

Título: Cisco FireSIGHT System Software Malware Bypass Vulnerability

Resumen: A vulnerability in the malicious file detection and blocking features of;Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection;mechanisms on an affected system.;;The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this;vulnerability by crafting specific file content on a server or persuading a user to click a specific link. A;successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are;configured for the system, which could allow malware to pass through the system undetected.

Descripción: Summary:
A vulnerability in the malicious file detection and blocking features of
Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection
mechanisms on an affected system.

The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this
vulnerability by crafting specific file content on a server or persuading a user to click a specific link. A
successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are
configured for the system, which could allow malware to pass through the system undetected.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-6396
BugTraq ID: 92826
http://www.securityfocus.com/bid/92826
Cisco Security Advisory: 20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1
http://www.securitytracker.com/id/1036756

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106233
Categoría:	CISCO
Título:	Cisco FireSIGHT System Software Malware Bypass Vulnerability
Resumen:	A vulnerability in the malicious file detection and blocking features of;Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection;mechanisms on an affected system.;;The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this;vulnerability by crafting specific file content on a server or persuading a user to click a specific link. A;successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are;configured for the system, which could allow malware to pass through the system undetected.
Descripción:	Summary: A vulnerability in the malicious file detection and blocking features of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by crafting specific file content on a server or persuading a user to click a specific link. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6396 BugTraq ID: 92826 http://www.securityfocus.com/bid/92826 Cisco Security Advisory: 20160907 Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1 http://www.securitytracker.com/id/1036756
Copyright	Copyright (C) 2016 Greenbone AG