CVE-2016-6394

high-risk

Published 2016-09-12

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.

Do I need to act?

-

0.30% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Firesight System Software

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/92825

http://www.securitytracker.com/id/1036757

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/92825

http://www.securitytracker.com/id/1036757

56

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 1/34 · Minimal

Exposure 24/34 · High