Credit:
The original article can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc
Vulnerable Systems:
* Cisco Firesight System Software 5.2.0
* Cisco Firesight System Software 5.2.0.1
* Cisco Firesight System Software 5.2.0.2
* Cisco Firesight System Software 5.2.0.3
* Cisco Firesight System Software 5.2.0.4
* Cisco Firesight System Software 5.2.0.5
* Cisco Firesight System Software 5.2.0.6
* Cisco Firesight System Software 5.2.0.8
* Cisco Firesight System Software 5.3.0
* Cisco Firesight System Software 5.3.0.1
* Cisco Firesight System Software 5.3.0.2
* Cisco Firesight System Software 5.3.0.3
* Cisco Firesight System Software 5.3.0.4
* Cisco Firesight System Software 5.3.0.5
* Cisco Firesight System Software 5.3.0.6
* Cisco Firesight System Software 5.3.0.7
* Cisco Firesight System Software 5.3.1
* Cisco Firesight System Software 5.3.1.1
* Cisco Firesight System Software 5.3.1.2
* Cisco Firesight System Software 5.3.1.3
* Cisco Firesight System Software 5.3.1.4
* Cisco Firesight System Software 5.3.1.5
* Cisco Firesight System Software 5.3.1.7
* Cisco Firesight System Software 5.4.0
* Cisco Firesight System Software 5.4.0.1
* Cisco Firesight System Software 5.4.0.2
* Cisco Firesight System Software 5.4.0.3
* Cisco Firesight System Software 5.4.0.4
* Cisco Firesight System Software 5.4.0.5
* Cisco Firesight System Software 5.4.0.6
* Cisco Firesight System Software 5.4.1
* Cisco Firesight System Software 5.4.1.2
* Cisco Firesight System Software 5.4.1.3
* Cisco Firesight System Software 5.4.1.4
* Cisco Firesight System Software 6.0.0
* Cisco Firesight System Software 6.0.0.1
* Cisco Firesight System Software 6.0.1
* Cisco Firesight System Software 6.1.0
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session.
The vulnerability exists because the affected application does not assign a new session identifier to a user session when a user authenticates to the application. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the application through the web-based management interface. A successful exploit could allow the attacker to hijack an authenticated user's browser session.
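The class of flaw described above, as an added example (not code from Cisco or from the original advisory): a minimal in-memory session store that can either keep or rotate the session identifier at login, with a check that an identifier issued before authentication stops working afterwards. The names `SessionStore`, `login`, `user_for` and `pre_auth_id_survives_login` are hypothetical.

```python
import secrets


class SessionStore:
    """In-memory session table keyed by session identifier (hypothetical model)."""

    def __init__(self, rotate_on_login=True):
        # rotate_on_login=False models the behavior the advisory describes.
        self.rotate_on_login = rotate_on_login
        self._sessions = {}

    def new_anonymous(self):
        """Issue an unauthenticated session, as a login page would."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Bind `user` to the session and return the ID to set in the cookie."""
        state = self._sessions.get(sid)
        if state is None:
            # Never adopt an identifier the server did not issue.
            sid = self.new_anonymous()
            state = self._sessions[sid]
        if self.rotate_on_login:
            # Invalidate the pre-login ID and carry the state to a fresh one.
            del self._sessions[sid]
            sid = secrets.token_urlsafe(32)
            state = dict(state)
        state["user"] = user
        self._sessions[sid] = state
        return sid

    def user_for(self, sid):
        """Return the authenticated user for `sid`, or None."""
        state = self._sessions.get(sid)
        return state["user"] if state else None


def pre_auth_id_survives_login(store):
    """Regression check: True if a pre-login ID is authenticated after login."""
    pre_auth = store.new_anonymous()
    post_auth = store.login(pre_auth, "admin")
    if store.user_for(post_auth) != "admin":
        raise RuntimeError("login did not authenticate the returned session")
    return store.user_for(pre_auth) == "admin"
```

The same check can be run against a real web application by comparing the session cookie value before and after a successful login; the two values should differ and the old one should be rejected.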
CVE Information:
CVE-2016-6394
Disclosure Timeline:
Publish Date : 2016-09-12
Last Update Date : 2016-09-12