CVE-2016-9193

moderate-risk
Published 2016-12-14

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.

Do I need to act?

-
0.38% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (12)

Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software
Firesight System Software

Affected Vendors

Cisco

References (6)

Third Party Advisory http://www.securityfocus.com/bid/94801
Third Party Advisory http://www.securitytracker.com/id/1037421
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
Third Party Advisory http://www.securityfocus.com/bid/94801
Third Party Advisory http://www.securitytracker.com/id/1037421
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate