CVE-2015-6357

medium Cisco
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
5.9%
Exploitation probability in 30 days
Top 9% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: November 18, 2015 (3830 days ago)
Last Modified: May 6, 2026
Vendor: Cisco
Source: NVD

Description

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

CWE

CWE-20

Affected Products

cisco firesight system software

References

🔗 packetstormsecurity.com 🔗 seclists.org 🔗 tools.cisco.com 🔗 wadofstuff.blogspot.com.au 🔗 www.securityfocus.com