SB2016092224 - Security restrictions bypass in Cisco FireSIGHT
Published: September 22, 2016 Updated: April 5, 2018
Security Bulletin ID
SB2016092224
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security restrictions bypass (CVE-ID: CVE-2016-6411)
The vulnerability allows a remote user to bypass security access on the target system.The weakness exists due to improper input validation. By sending specially crafted HTTP URL attackers can cause parameter validation flaw bypass the SSL inspection policy 'do-not-decrypt' rule.
Successful exploitation of the vulnerability may result in gaining access to the vulnerable system.
Remediation
Install update from vendor's website.