Vulnerability Details : CVE-2016-9193
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.
Products affected by CVE-2016-9193
- cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:6.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:6.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9193
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9193
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-9193
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9193
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower
Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1037421
Cisco FireSIGHT Processing Error Lets Remote Users Bypass Malware Detection on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/94801
Cisco Firepower Management Center and FireSIGHT System Software Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to