SB2016091301 - Two vulnerabilities in Cisco FireSIGHT

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Cross-site scripting (CVE-ID: CVE-2016-6395)

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Input validation error (CVE-ID: CVE-2016-6396)

The vulnerability allows a remote user to bypass malicious files detection on the target system.
The weakness is caused by incorrect validation of HTTP headers. Specially crafted HTTP header values sent by attacker can be used to bypass malware detection and blocking features on the target system.
Successful exploitation of this vulnerability may allow a remote user to bypass security mechanism on the vulnerable system.

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1