CVE-2016-1345

moderate-risk
Published 2016-04-01

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

Do I need to act?

-
0.49% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Asa With Firepower Services
Asa With Firepower Services
Asa With Firepower Services
Asa With Firepower Services
Asa With Firepower Services
Asa With Firepower Services
Asa With Firepower Services
Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software
Asa With Firepower Services
Asa With Firepower Services
Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software

Affected Vendors

Cisco

References (8)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securitytracker.com/id/1035437
http://www.securitytracker.com/id/1035438
http://www.securitytracker.com/id/1035439
Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securitytracker.com/id/1035437
http://www.securitytracker.com/id/1035438
http://www.securitytracker.com/id/1035439
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 21/34 · High