Main Vulnerability Database SB2016091304

SB2016091304 - Session fixation in Cisco FireSIGHT

Published: September 13, 2016

Security Bulletin ID SB2016091304

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Session fixation (CVE-ID: CVE-2016-6394)

The vulnerability allows a remote user to hijack the valid user's session.

The vulnerability exists due to web application uses previously generated session identifiers when the victim logs in to the application. A remote attacker can perform a session fixation attack and hijack target user's session.

Successful exploitation of this vulnerability may result in hijacking of valid user's browser session.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc