CVE-2015-6427

Published: Dec 18, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.

Affected (20)

Products: Cisco: Firesight System Software

Cisco

1 product

Firesight System Software

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Cisco Firesight System Software	Version 5.3.0.1
Cisco Firesight System Software	Version 5.3.0.2
Cisco Firesight System Software	Version 5.3.0
Cisco Firesight System Software	Version 5.3.1.1
Cisco Firesight System Software	Version 5.3.1.2
Cisco Firesight System Software	Version 5.3.1.3
Cisco Firesight System Software	Version 5.3.1.4
Cisco Firesight System Software	Version 5.3.1.5
Cisco Firesight System Software	Version 5.3.1.7
Cisco Firesight System Software	Version 5.3.1
Cisco Firesight System Software	Version 5.4.0.1
Cisco Firesight System Software	Version 5.4.0.4
Cisco Firesight System Software	Version 5.4.0
Cisco Firesight System Software	Version 5.4.1.2
Cisco Firesight System Software	Version 5.4.1.3
Cisco Firesight System Software	Version 5.4.1.4
Cisco Firesight System Software	Version 5.4.1
Cisco Firesight System Software	Version 6.0.0.1
Cisco Firesight System Software	Version 6.0.0
Cisco Firesight System Software	Version 6.0.1

Related CWEs

CWE-254

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1034488

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1034488

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.